FabFitFun: Security Incident

Make the first comment! Hello Subscription independently researches and reviews the best subscriptions and products. Things you buy through our links may earn us a commission.
Go to commentsNotification

FabFitFun Box recently notified subscribers of a security issue:

FabFitFun values your membership in our community and respects the privacy of your information. We are writing to let you know about a recent data security incident that potentially involves your personal information.

Our technical team recently discovered that an unauthorized third party inserted malicious code on portions of our website that may have enabled them to capture certain information in connection with customer sign ups. Based on our forensic investigation, this incident concerns the new member sign up pages of our website during the period between April 26, 2020 and May 14, 2020, and between May 22, 2020 and August 3, 2020. According to our records, you signed up for FabFitFun during this timeframe, and your information therefore could have been affected. Although we believe that only a subset of members who signed up during this period were affected, we are sending formal notifications to everyone that signed up during this timeframe as a precaution.

This incident would have involved emails and FabFitFun passwords for customers that signed up using PayPal or Apple Pay. For customers using credit or debit cards, the information involved would also have included name, address, payment card account number, card expiration date, and card verification code. Please note that because we do not collect highly sensitive personal information like Social Security Numbers, this type of information was not affected by this incident.

We took steps to address and contain this incident promptly after it was discovered. As soon as our technical team identified the issue, we removed the malicious code and took steps to secure our website with the help of forensic cybersecurity experts engaged to assist with our investigation. We have also reported the matter to law enforcement and are cooperating with the investigation. While we are continuing to review and enhance our security measures, we are confident that the issue has been resolved and will no longer affect transactions on our website.

As a further precaution, we have initiated a password reset for all FabFitFun members and you will be prompted to change your password prior to your next login. We will also be sending a follow-up email with instructions on how to reset your password. As a reminder, you should use a unique and “strong” password for all online accounts. Click here for tips on creating a strong password. In conjunction with the password reset, we are also implementing additional account protections, including additional password length and complexity requirements.

We are mailing you a letter which further explains the incident, the steps FabFitFun has taken in response, and some resources you may wish to review to help protect against any misuse of information. We are also offering twelve months of complimentary identity protection services. The letter you will receive includes additional information about the identity monitoring services, however if you would like to enroll in these services now, please refer to the enrollment instructions below.

Please know that we are deeply appreciative that you have chosen to be a part of the FabFitFun community, and as a token of that appreciation, we are offering a $25 credit that can be used in an upcoming sale. Click here to select which sale to apply your credit to. Please note that you must be a current FabFitFun member to participate in our sales. You must also select, no later than December 31, 2020, the winter sale to which you would like the credit to apply and the credit will expire if not used in the sale selected.

Please watch for the letter from FabFitFun that includes additional information about the incident and our response. However, if you have any questions in the meantime, please clicke here to contact our Customer Care team. Once again, we sincerely regret that this incident occurred and any inconvenience or concern it may cause.

Michael Broukhim Co-Founder and Co-CEO

All subscribers will need to change their passwords. Any subscriber who signed up during the specified times should check their email for the notice and follow-up on recommended actions.

FabFitFun Box is a quarterly women’s subscription box that promises fabulous full-size beauty, fashion, and fitness items every quarter. Pick between quarterly or annual subscription, and get full-sized, premium products including makeup, skincare, fashion, wellness, and home decor! You can choose to customize your box every season (or buy add-ons), or keep everything as a surprise!


Leave a Reply

Your email address will not be published.