Phishing Scam Spread Using Information Stolen Off Email Data Servers

Unfortunately, it appears as though many of my colleagues in the industry have already beaten me to a report on this subject, but I can guarantee none of them have been published by like I have – so f*ck em. Regardless, earlier today, April 22nd 2019, came out with a press release revealing that their customers had been the victim of a massive phishing campaign spread using the email addresses stored on company servers. In the release, company representatives claim to have discovered the breach in February 2019, 8 months after the spread of the phishing campaign began in July 2018.

According to the release, “exposed data includes names, email addresses, physical addresses, phone numbers, order histories, communications with, birthdays, account usernames and passwords, and information included in customers’ BodySpace profiles.” Additionally, the company claims that “the last four digits of stored payment card numbers may also have been affected,” but all other payment information remained safe. In response to the conclusion of the investigation into the data breach, has took it upon themselves to reset the account passwords of every single one of their customers – myself included.

Lastly, as I just ordered something from the site last night, at least I can confirm that nothing fraudulent has been done to/with my account or any of the data on it – and the company certainly wont be losing my business over this in the future.

Full Release from



Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd