This Tuesday, January 14, 2025, hackers were able to access thousands of customer data from Kiabi's second-hand website.
Criminals were able to access the data of 20,000 customers of Kiabi's second-hand website, including their Iban, the ready-to-wear brand told AFP on Tuesday.
“On January 7, teams at the Kiabi second-hand website detected a cyberattack by credential stuffing”, Kiabi reported. “This particular type of attack uses credentials from data leaks from other websites to try to access targeted customer accounts.”
200% Deposit Bonus up to €3,000 180% First Deposit Bonus up to $20,000Customers have been informed
The attackers were able to access the names, first names, dates of birth, contact details of 20,000 customers, as well as their IBAN if it was provided. Kiabi was keen to point out that the RIB, which contains additional information compared to the IBAN such as the account number, was not revealed to the attackers.
After noticing the attack, “an IBAN masking feature was added to prevent any recovery of this data”, Kiabi said. Passwords were also reset. As required by law, the targeted customers were informed of the attack by Kiabi. The Kiabi.com site was not affected by this cyberattack, the brand said.
Only the second-hand site was. It allows you to buy second-hand clothes and resell your own, which explains why some customers have provided their Iban.