The Dutch cosmetics chain Rituals has admitted to a security breach that exposed personal data of members of its MyRituals loyalty program. The compromised information includes names, addresses, phone numbers, email addresses, dates of birth, and gender. The company states that passwords and payment data are safe, but it has not disclosed the exact number of affected individuals among its 41 million users.
The attack hits the loyalty database without full encryption 🔓
The breach at Rituals appears to have originated from unauthorized access to the servers storing member profiles. Although the company claims that passwords are hashed and payments were not compromised, the exposure of data such as postal addresses and dates of birth suggests that the encryption layer did not cover all personal information. Incidents of this type often stem from API vulnerabilities or a lack of segmentation of sensitive data, and they leave users exposed to targeted phishing campaigns.
At least they didn't take the free gift bag 😅
Rituals assures us that passwords and payment data are safe, which is a relief. Because, let's be honest, the worst part isn't that they know your date of birth and gender, but that they find out you still use the same password from your twenties. Now we just need the hackers to start redeeming loyalty points for scented candles before you can.