Dymocks Booksellers suffers data breach impacting 836k customers

Dymocks Booksellers has issued a cautionary advisory to its customers that their confidential data has been leaked following a hack where the company's database was shared on online forums specializing in unauthorized access.

Dymocks runs a bunch of bookstores all over Australia, New Zealand, and Hong Kong, and they also have an internet store where they sell all sorts of stuff like books (both electronic and printed), stationery, games, and digital media.

On September 6th, 2023, Troy Hunt, who made the data breach notification service 'Have I Been Pwned' (HIBP), told the company that a bad guy revealed the customer data on a hacking forum.

Dymocks, a store that sells books, has put up a message on their website. They have mentioned that they have not found any proof of unauthorized access to their computer networks. However, they are looking into the possibility of a security breach that may have occurred through the systems of their partners who are not part of their company.

Therefore, it is still uncertain how the information was acquired, how long the unauthorized entry lasted, the scale of harmful behavior, and the specific range of repercussions resulting from this occurrence.

Dymocks and their hired professionals have conducted an inquiry and have ascertained that particular categories of customer data have been breached: 1. Names 2. Addresses 3. Email addresses 4. Telephone numbers 5. Birth dates 6. Transaction details The organization is taking significant measures to manage this situation and keep their customers informed.

Dymocks made it clear that they do not retain any financial information of their customers, hence no such particulars have been leaked.

It has been verified by Have I Been Pwned that the information that was made public includes 1.2 million individual pieces of data regarding 836,120 Dymocks accounts.

The incident has been reported to all applicable agencies, and Dymocks is presently striving to conclude its inquiry and introduce more safety precautions to prevent similar occurrences in the future.

Furthermore, Dymocks guarantees its customers that shopping on its online store is still secure. Nevertheless, it suggests that users modify their account password.

Data Widely Spread Already

According to Troy Hunt, there has been a widespread distribution of Dymocks customer data over the past few months in numerous Telegram channels and online hacking communities - starting in June 2023.

Although, it must be noted that the leaked data provides ample avenues for cybercriminals to carry out phishing and scamming activities aimed at the bookstore's customers.

BleepingComputer stumbled upon a message on the BreachForums hacking forum, which had been updated on September 3rd, 2023. The post advertised access to the pilfered database to other group members for a small fee.

To Get Free EBooks "Get Free EBooks: Tips For Dymocks Customers"

Although passwords were not revealed in the Dymocks data breach, it is highly recommended that users alter their passwords on the website as a precautionary measure.

Moreover, if you utilized the identical password for other websites, it is recommended to modify it on those platforms as well.

To avoid the impact of a data hack on your other accounts, make sure to create a robust and distinct password for each website you use when changing your passwords.

Using a password manager is highly recommended as it can simplify the process of having distinctive passwords for each website.

In conclusion, since the information was made available to the public at no cost, Dymocks' clientele must remain vigilant for any suspicious emails requesting their credit card or login details, as these could be phishing attempts aimed at exploiting the data leak.