{ "id": "5b4abb6c-6424-425b-a530-f55bcb45dcb1", "created_at": "2026-04-06T00:18:41.739234Z", "updated_at": "2026-04-10T13:12:11.577909Z", "deleted_at": null, "sha1_hash": "7d00f0907483647713922a3554f3a96070488149", "title": "Bonobos clothing store suffers a data breach, hacker leaks 70GB database", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3734271, "plain_text": "Bonobos clothing store suffers a data breach, hacker leaks 70GB\r\ndatabase\r\nBy Lawrence Abrams\r\nPublished: 2021-01-22 · Archived: 2026-04-05 17:12:17 UTC\r\nBonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after\r\na cloud backup of their database was downloaded by a threat actor. Bonobos states that the corporate systems were not\r\nbreached during the attack.\r\nBonobos started as an online men's clothing store but later expanded to sixty locations to try on clothes before purchasing\r\nthem. Walmart bought Bonobos in 2017 for $300 million to sells its clothing on their Jet.com site.\r\nLast weekend, a threat actor known as ShinyHunters, who is notorious for hacking online services and selling stolen\r\ndatabases, posted the full Bonobos database to a free hacker forum.\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nForum post leaking the Bonobos database\r\nMassive 70 GB database leaked\r\nThis leaked database is a monstrous 70 GB SQL file containing various internal tables used by the Bonobos website. The\r\ndatabase also includes various data far more interesting to threat actors, such as customers' addresses, phone numbers, partial\r\ncredit card numbers (last four digits), order information, password histories.\r\nThe amount of records varies depending on the category of the data. For example, the address and phone numbers are for 7\r\nmillion shipping addresses, account information for 1.8 million registered customers, and 3.5 million partial credit card\r\nrecords.\r\nLeaked user records table\r\nThe passwords stored in the database are hashed using SHA-256 or SHA-512 according to threat actors who have started to\r\nanalyze the database. One threat actor claims to have already cracked the passwords for 158,000 SHA-256 passwords but\r\nhas been unable to crack the SHA-512 passwords.\r\nThe hacker turned the cracked passwords into a 'combolist' used in credential stuffing attacks, which is to log in using the\r\nstolen credentials at other sites.\r\nBackup database was stolen from the cloud\r\nAfter BleepingComputer contacted Bonobos about the leaked database, the clothing store told us that the threat actors did\r\nnot gain access to internal systems but rather to a backup file hosted in an external cloud environment.\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 3 of 6\n\n\"Protecting our customers’ data is something we take very seriously. We’re investigating this matter further and, so far, have\r\nfound no evidence of unauthorized parties gaining access to Bonobos’ internal system. What we have discovered is an\r\nunauthorized third party was able to view a backup file hosted in an external cloud environment. We contacted the host\r\nprovider to resolve this issue as soon as we became aware of it.\"\r\n\"Also, we have taken additional precautionary steps, including turning off access points, invalidating account passwords and\r\nrequiring password resets, to further secure customer accounts. We're emailing customers to notify them that their contact\r\ninformation and encrypted passwords may have been viewed by an unauthorized third party. Payment information was not\r\naffected by this issue. We’ll continue to share updates with customers as they become available,\" Bonobos told\r\nBleepingComputer via email.\r\nThough the database did not include full payment information in the database, threat actors can use the partial data in\r\ntargeted phishing attacks.\r\nPartial credit card information in the database\r\nUpdate 1/24/21: Bonobos has begun to email data breach notifications to affected customers, as shown below.\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 4 of 6\n\nBonobos data breach notification\r\nWhat should Bonobos users do?\r\nAs this is a confirmed data breach, it is strongly recommended that all Bonobos users immediately change their password on\r\nthe site.\r\nIf the same password has been used at other sites, change your password to a unique one there as well.\r\nUsing unique passwords at every site you have an account prevents a data breach at one site from affecting you at other\r\nwebsites you use.\r\nBleepingComputer recommends using a password manager to track strong and unique passwords for the sites you have\r\naccounts.\r\nFinally, all Bonobos customers should be on the lookout for emails asking for credit card or login information, as it could\r\nbe targeted phishing scams resulting from this data breach.\r\nUpdate 1/22/21: Our story originally mentioned that the database contained virtual gift cards. Bonobos told us that this data\r\nis store credit and cannot be redeemed as tender.\r\nUpdate 1/24/21: Bonobos has begun to email data breach notifications to affected users.\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 5 of 6\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nhttps://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/\r\nPage 6 of 6", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/" ], "report_names": [ "bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database" ], "threat_actors": [ { "id": "c071c8cd-f854-4bad-b28f-0c59346ec348", "created_at": "2023-11-08T02:00:07.132524Z", "updated_at": "2026-04-10T02:00:03.422366Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "MISPGALAXY:ShinyHunters", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2", "created_at": "2025-10-24T02:04:50.086223Z", "updated_at": "2026-04-10T02:00:03.770068Z", "deleted_at": null, "main_name": "GOLD CRYSTAL", "aliases": [ "Scattered LAPSUS$ Hunters", "ShinyCorp", "ShinyHunters" ], "source_name": "Secureworks:GOLD CRYSTAL", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "d8dff631-87b0-4320-8352-becff28dbcf1", "created_at": "2022-10-25T16:07:24.565038Z", "updated_at": "2026-04-10T02:00:05.034516Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "ETDA:ShinyHunters", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434721, "ts_updated_at": 1775826731, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7d00f0907483647713922a3554f3a96070488149.pdf", "text": "https://archive.orkl.eu/7d00f0907483647713922a3554f3a96070488149.txt", "img": "https://archive.orkl.eu/7d00f0907483647713922a3554f3a96070488149.jpg" } }