ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Fashion Nexus Data Breach

fashionnexus.co.uk
Significant exposure
Verified breach Passwords exposed
Accounts exposed 1,279,263
Breach date 09 Jul 2018
Added to tracker 31 Jul 2018
Data classes 10

What happened

In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris. The various sites exposed in the incident included a range of different data types including names, phone numbers, addresses and passwords stored as a mix of salted MD5 and SHA-1 as well as unsalted MD5 passwords. When asked by reporter Graham Cluley if a public statement on the incident was available, a one-word response of "No" was received.

Exposed data

Browser user agent details Dates of birth Email addresses Genders IP addresses Names Passwords Phone numbers Physical addresses Purchases

Recommended actions

  • Change your Fashion Nexus password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Fashion Nexus — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP