ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

LuLu Data Breach

luluhypermarket.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 2,796,835
Breach date 06 Jul 2024
Added to tracker 02 Aug 2024
Data classes 6

What happened

In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes.

Exposed data

Email addresses Names Passwords Phone numbers Physical addresses Purchases

Recommended actions

  • Change your LuLu password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing LuLu โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP