Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Havenly discloses data breach, 1.3M accounts available online

Havenly, a Denver-Based company, that realized an interior designer marketplace has disclosed a data breach that impacted 1.3 million users. The US-based interior design web site Havenly has disclosed a data breach after the known threat actor ShinyHunters has leaked for free the databases of multiple companies on a hacker forum. Last week, BleepingComputer reported that ShinyHunterswas […]

havenly DB hacker forum

Havenly, a Denver-Based company, that realized an interior designer marketplace has disclosed a data breach that impacted 1.3 million users.

The US-based interior design web site Havenly has disclosed a data breach after the known threat actor ShinyHunters has leaked for free the databases of multiple companies on a hacker forum.

Last week, BleepingComputer reported that ShinyHunterswas offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online.

The threat actors released nine new databases belonging to several companies, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha. The remaining nine databases were already released by ShinyHunters in the past.

The ShinyHunters hacker posted the Havenly database containing 1.3 million user records for free.

Source BleepingComputer

The leaked records included a login name, full name, MD5 hashed password, email address, phone number, zip, and other data related.

The company has notified impacted users via email, it admitted to having recently discovered the data breach, in response to the incident it has forced a password reset.

“We take the security of our community very seriously. As a precaution, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with external security experts to investigate this matter.” reads the data breach notification.

“However, in the meantime, out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website. As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis,”

The company revealed that financial data was not exposed because it does store only the last four digits of users’ credit cards.

“We suspect that many of you will be concerned about the credit card numbers that you’ve used with Havenly in the past. Please note: we do NOT store credit card information, apart from the last 4 digits of the card in some cases, which is not enough to engage in credit card fraud,” Havenly disclosed.

Havenly users could check if their data was exposed by querying the popular data breach notification service Have I Been Pwned.

Users are invited to change passwords for any other service where they share the same Havenly’ login credentials to avoid being victims of credential stuffing attacks.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Havenly)

[adrotate banner=”5″]

[adrotate banner=”13″]