2022 Knifecenter data breach?

[elkins45]

TLDR Knifecenter might have had a data breach.

I received an email today from a company (not Knifecenter) saying my data had been part of a breach, and as a result they were giving me two free years of data monitoring thru a company called IDX. As soon as I created an IDX account and before I gave them any information other tham my email address there was an alert on my dashboard saying the following:

On April 15, 2022, the BreachForums actor "S420" posted a data breach package targeting the organization KnifeCenter (knifecenter[.]com), a U.S-based online shop for cutlery products. The actor noted that the data dump is from the year 2022. From this package, ZeroFox extracted 1,029,219 email addresses. Of this total, an assessed 431,170 records contained hashed passwords. Other notable compromised data fields in this package include first name, last name, company, address, city, state, zip, country, and phone.

I don't recall ever getting an alert from Knifecenter, but it was a year ago so who knows if I missed it? Anyway, if you're a Knifecenter customer it might make sense to go change your password. I can't vouch for the accuracy of this alert from IDX but changing a password is easy enough to do.

 

[knarfeng]

Having a unique password for each site for which a password is required is a standard security recomendation.

 

[Another Shepherd]

Of this total, an assessed 431,170 records contained hashed passwords

If those were the actual passwords, that would be a serious data breach. But hashed passwords are very difficult for an attacker to use for nefarious purposes, assuming that the security software is not badly out of date.