It seems the unique email address I used for a tequipment.net order in Jan 2020 was caught up in a Jan 2023 data breach at Eye4Fraud (a fraud prevention service used by TEquipment.net, aka
Interworld Highway, LLC).
Neither TEquipment.net nor Eye4Fraud have notified me about this breach.
Eye4Fraud
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.
Breach date: 25 January 2023
Date added to HIBP: 6 March 2023
Compromised accounts: 16,000,591
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
List of sites/companies caught up in this breach:
https://gist.github.com/troyhunt/e7c20fe9e970a2a928299760b11ed381 (I assume TEquipment.net are here as "Interworldhighway")
Early announcements of Eye4Fraud breach(es!):
https://twitter.com/FalconFeedsio/status/1622838659689988098 (
https://archive.md/5szVA)
You can use Troy Hunt's excellent website to see if your email is in the list:
https://haveibeenpwned.com/Pretty disappointing that this chunk of my data was being held (well.. grossly mismanaged..) by a third party 3 years after the transaction. I would hope that TEquipment.net have since cut ties with Eye4Fraud.
I'm appalled at TEquipment.net's mishandling of my data, since ultimately that responsibility resides with them.