Sephora

Yes, today, this morning. 

Mine happened after I got an email from Sephora saying my email had been changed. I didn’t make that change so I called them. First employee gave me completely wrong information and “reset” my account.  Five to ten minutes later my points were gone and redeemed for two $100 cash rewards. It took two more phone calls and nearly two hours of my time to get my points back, but the company is out $200 and has info on the fraudulent email and no one seems to care one bit about the actual hack!  I have no faith in Sephora’s internet security at this point and will limit myself to cash purchases in store in the future. 

@petitgateau

That sucks. I understand that your knee jerk reaction is to blame Sephora, but I highly doubt this is their fault. Yes, it is possible that Sephora was hacked today, but the better bet (99.9% IMHO) is that your info is circulating on hack lists from other sources from weeks, months, or even years ago, and was used today to access Sephora.  If you got an email stating that your email had been changed, that's because *someone else* had your email and password and was able to make the switch. If you are using the same password on any other site, you need to change it now. Delete cc's that you may have stored on other sites with the same password. Be as proactive as you can now...trying to chase down lost accounts after the fact is no fun, and you'll spend way more than 2 hours on the phone trying to clear it up across multiple sites.

@GG84 you might be interested in this too

Appreciate your advice and input. Respectfully disagree with the characterization  of my concern as knee-jerk. I don’t know how or why the hack occurred; I was told it affected others on the Sephora platform besides myself across various email domains. So I thought I would mention it to others here in case it might have happened to them, too. My disappointment was over the disinterest of any of the three people I spoke with about following up with the actual fraud. That does make me worry about the company’s commitment to online security. As you and others have suggested, however, ultimately it is my responsibility to protect myself so I will be proactive against future by not keeping any PII  or financial information on file and following the other suggestions offered. 

@RGbrown I called Sephora my issue was immediately resolved and they are going to watch my account for further suspicious activity. I change all my passwords constantly. I'm okay with the resolution. 

@petitgateau @GG84 I'm so sorry this happened to you! Please be assured that this information has been reported to our fraud team, so they can investigate further. If you have any other questions or concerns, please feel free to send me a PM. 

Honestly the strangest thing was how little the company seemed to be bothered by the fraudulent activity. I probably won’t order online or keep any credit cards on file with Sephora anymore. 

Never keep cc's on file, with any retailer. Sure it's convenient, but convenient to charge to, especially if the retailer doesn't ask to verify cc numbers every transaction.

Good advice, thanks