Online glasses retailer Warby Parker was hit by a cybersecurity attack that affected about 198,000 of its customers from late September to late November, according to reports.
The hackers stole usernames and passwords and tried to access accounts. Warby Parker contacted law enforcement when it found out about the breach. The hackers reportedly used info obtained from the unrelated hacking of other companies.
Warby Parker got in touch with users who they think may have been impacted, and asked them to change their passwords. The company said it didn’t have any indication that the attacks were successful in stealing any credit card information.
One of the biggest problems with these types of data breaches is that many users repeat passwords over many sites, and when information is stolen from one company, it can often be used by another. Warby Parker said that is what happened with this breach.
The identity theft firm 4iQ did a study last year about password use and found that almost half of the study respondents reused their passwords over multiple sites. While companies are trying to fight the problem, the password issue can exacerbate it.
Retail hacking is a frequent problem for large companies. Last Summer, Macy’s was also targeted by hackers. From the end of April to the middle of June, hackers were able to access usernames and passwords, and then got names, email addresses, phone numbers, birthdays and payment card info. Macy’s said at the time that the hackers didn’t get Social Security numbers or card CVV numbers.
In 2016, travel site Orbitz was affected by a data breach where hackers were able to get the personal info from an estimated 880,000 payment cards.