ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Bonobos Data Breach

bonobos.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 2,811,929
Breach date 14 Aug 2020
Added to tracker 31 Jan 2021
Data classes 9

What happened

In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as salted SHA-512 hashes, including historical passwords. The breach also exposed partial credit card data including card type, the name on the card, expiry date and the last 4 digits of the card. The data was provided to HIBP by dehashed.com.

Exposed data

Email addresses Historical passwords IP addresses Names Partial credit card data Passwords Phone numbers Physical addresses Purchases

Recommended actions

  • Change your Bonobos password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Bonobos โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP