ShellCodeX Breach Report
Romwe Data Breach
romwe.com
Verified breach
Passwords exposed
Accounts exposed
19,531,820
Breach date
01 Jun 2018
Added to tracker
18 Jan 2021
Data classes
6
What happened
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Exposed data
Geographic locations
IP addresses
Names
Passwords
Phone numbers
Physical addresses
Recommended actions
- Change your Romwe password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP