ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

MALL.cz Data Breach

mall.cz
Limited exposure
Verified breach Passwords exposed
Accounts exposed 735,405
Breach date 27 Jul 2017
Added to tracker 04 Sep 2017
Data classes 4

What happened

In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online. Whilst passwords were stored as hashes, a number of different algorithms of varying strength were used over time. All passwords included in the publicly distributed data were in plain text and were likely just those that had been successfully cracked (members with strong passwords don't appear to be included). According to MALL.cz, the breach only impacted accounts created before 2015.

Exposed data

Email addresses Names Passwords Phone numbers

Recommended actions

  • Change your MALL.cz password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing MALL.cz — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP