ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Romwe Data Breach

romwe.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 19,531,820
Breach date 01 Jun 2018
Added to tracker 18 Jan 2021
Data classes 6

What happened

In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Exposed data

Geographic locations IP addresses Names Passwords Phone numbers Physical addresses

Recommended actions

  • Change your Romwe password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP