HauteLook data breach: what happened, and how to secure your personal and financial data

Data breaches are a major challenge for both consumers and businesses operating in the retail industry. A recent study ranked the sector third for data breaches that put shoppers at risk. According to Verizon’s 2024 Data Breach Investigations Report, threat actors “go where the money is”, leaving even major brands and luxury stores like Neiman Marcus or Luxottica vulnerable to attacks.
This article dives into one such incident, the HauteLook data breach, which impacted millions of customers. Read on to learn what happened, what data was compromised, and how the breach resurfaced years later in the 2024 “Mother of All Breaches” leak. We’ll also explain how to check if your information was affected and what steps you can take to protect yourself.
What was the HauteLook data breach 2018?

When and how did the breach happen?
HauteLook was a fashion-focused e-commerce platform owned and operated by Nordstrom. The site was active until 2021, when Nordstrom phased out the HauteLook brand and merged its flash sales offerings into the Nordstrom Rack business.
The HauteLook data breach occurred several years earlier, in 2018, as part of a larger incident that compromised 617 million user accounts across 16 websites, including Dubsmash, MyFitnessPal, MyHeritage, ShareThis, and others.
In August 2018, attackers exploited a vulnerability in HauteLook’s web application and gained unauthorized access to data on more than 28 million accounts. By February 2019, the stolen HauteLook data was being offered for sale on a dark web marketplace, bundled with the other breached datasets. The intrusion went unrecognized for approximately seven months before it was confirmed in March 2019, which is not unusual: stolen credentials often surface on underground forums long after the initial compromise, and that is frequently how a breach is first detected.
What data was compromised?
The breach affected over 28 million accounts, exposing these data points:
- Email addresses
- Names
- Dates of birth
- Genders
- Geographic locations
- Bcrypt-hashed passwords (not plaintext, and bcrypt is deliberately slow to compute, but weak or common passwords can still be recovered by offline guessing)
How did HauteLook respond?
Neither HauteLook nor Nordstrom published any official statements on the breach. The retailer seems to have chosen quiet remediation instead of a public announcement. It’s a widespread tactic when the scope of a breach is not clear. When security specialists discovered the breach in March 2019, it was added to the HaveIBeenPwned database.
The 2024 “Mother of all breaches” leak resurfaces HauteLook data
Overview of the MOAB (Mother of all breaches)
In January 2024, cybersecurity researchers uncovered what was then the largest known data leak, dubbed the Mother of All Breaches (MOAB): roughly 12 terabytes of data, or over 26 billion records, compiled from thousands of past data breaches and left on an unsecured, publicly reachable instance. It was an aggregation of previously stolen data rather than a new intrusion.
Among the exposed platforms and businesses were Deezer, LinkedIn, Twitter, Comcast, Adobe and many others—including HauteLook, which had already been closed down by the time this supermassive leak was discovered.
What this means for HauteLook data breach victims
The resurfacing of HauteLook’s compromised data raises three concerns:
- The data is now easier for criminals to obtain, since it sits in one aggregated dump rather than scattered across older listings.
- The risk of credential stuffing increases: attackers replay leaked email addresses and passwords against other accounts.
- Identity theft becomes more likely as the personal details circulate in more criminal databases and can be correlated with other leaks.
Was my information affected?
What breach monitoring services say
- HaveIBeenPwned confirms the HauteLook data is in its breach database.
- Breach HQ also lists the 2018 HauteLook data breach, citing more than 12 million affected users (a lower figure than the 28 million recorded by HaveIBeenPwned).
How to check if your information was compromised
Visit Cybernews data leak checker or HaveIBeenPwned.com to find out if your data was compromised in the HauteLook data breach.
Either service will tell you whether an account tied to your identifier appears in the leaked HauteLook data. HaveIBeenPwned needs only your email address; the Cybernews data leak checker accepts an email address or a phone number in international format. A “not found” result is not a guarantee of safety: it only means that particular identifier is not in the data the service has indexed.
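HaveIBeenPwned also lets you check whether a password itself appears in its breach corpus, and the way it does so is worth understanding: its Pwned Passwords range API uses k-anonymity, so only the first five hex characters of the password’s SHA-1 hash leave your machine and the comparison of the remaining 35 characters happens locally. The block below is an added example written for this article, not code from the original page or from HaveIBeenPwned. The endpoint, the `SUFFIX:COUNT` response format and the `Add-Padding` header are the public API as documented; the sample response is constructed so the logic runs offline, and the `User-Agent` string is an arbitrary placeholder.

```python
"""Check a password against Have I Been Pwned's Pwned Passwords corpus.

Added example (not code from the original article or from HIBP). Only the
first five hex characters of the password's SHA-1 hash are sent; the
remaining 35 are compared locally against the returned suffix list, so the
service never sees the password or its full hash.
"""
import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    transmitted and the 35-char suffix that stays on this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str, suffix: str) -> int:
    """Parse the API's 'SUFFIX:COUNT' lines and return how many times our
    suffix was seen in breaches (0 if absent). Padding rows, returned when
    the 'Add-Padding: true' header is sent, carry a count of 0 and so never
    register as a hit."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count) if count.isdigit() else 0
    return 0


def fetch_range(prefix: str) -> str:
    """Network call; the prefix is the only thing that leaves the machine."""
    request = urllib.request.Request(
        RANGE_API + prefix,
        # User-Agent value is a placeholder chosen for this example.
        headers={"User-Agent": "hibp-range-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def pwned_count(password: str, fetch=fetch_range) -> int:
    """Return the breach count for `password`. `fetch` is injectable so the
    parsing logic can be exercised offline."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch(prefix), suffix)


# Constructed stand-in for a real range response so the block runs offline.
# The first suffix is the genuine SHA-1 tail of the string "password"
# (full digest 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8); the counts and the
# other rows are made up.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
    "1E2BA6DC07F1F8B4A1E9D0A2C5C7B4E41A0:2",
    "0" * 34 + "A:0",  # padding-style row, must not count as a hit
])

if __name__ == "__main__":
    # Offline demonstration against the constructed response.
    print("password ->", pwned_count("password", fetch=lambda _p: SAMPLE_RANGE_RESPONSE))
    # Live check (needs network access): print(pwned_count("correct horse battery staple"))
```

Two caveats. The lookup of breached accounts by email address that the article describes is a different HaveIBeenPwned endpoint that requires an API key, so it is not covered here, and the Cybernews checker exposes no documented API. And as with the email check, a count of 0 only means the password is absent from the indexed corpus, not that it is strong.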
How the HauteLook data breach and other leaks can put you at risk

Account takeover
If you reused your HauteLook password elsewhere, credential-stuffing attackers can replay the leaked email and password pair against other sites, including banking and payment accounts, take them over and drain them.
Identity theft threats
When combined with personal information available on people-search sites or obtained from other breaches (e.g., Social Security numbers or banking details), HauteLook’s leaked data can be used to impersonate you, commit medical identity theft and perpetrate other types of fraud.
Fraudulent transactions
Some victims have reported fraudulent charges made through their HauteLook accounts shortly after the breach, especially when billing details were stored.
Targeted phishing campaigns using personal info
When scammers know your name, birthdate, and location, they’re equipped with enough data to craft more credible phishing messages that can trick you into revealing more sensitive information or clicking malicious links.
What to do if your HauteLook data was exposed

Change your HauteLook (Nordstrom) account password
Create a new, unique password that you don’t use for any other platform or service. Length and randomness matter more than forced character classes: a passphrase of four or more unrelated, randomly chosen words is both easier to remember and far harder to crack than a short password with a capital letter, a digit and a symbol tacked on (NIST SP 800-63B now advises against mandatory composition rules for this reason). If a site insists on mixed case, numbers and symbols, add them, but don’t rely on them to make a short password strong.
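To make the length-versus-complexity point concrete, here is an added example (written for this article, not code from the original page) that generates a passphrase with Python’s CSPRNG and compares the entropy of several policies. The word list is a constructed stand-in; the entropy figures use the size of a standard 7,776-word diceware list, and the formula applies only to uniformly random choices, which is why a human-picked password like “Summer2024!” passes every composition rule yet is far weaker than its length suggests.

```python
"""Random passphrase generation and entropy comparison.

Added example, not from the original article. SAMPLE_WORDS is a constructed
stand-in for a real diceware-style list; DICEWARE_LIST_SIZE is the size of a
standard list (6**5 = 7776 words).
"""
import math
import secrets
import string

SAMPLE_WORDS = ["anvil", "bramble", "cobalt", "dune", "ember", "fjord", "gusto", "harbor",
                "iris", "juniper", "kestrel", "lantern", "meadow", "nickel", "orchid", "pewter"]
DICEWARE_LIST_SIZE = 7776
PRINTABLE_NO_SPACE = 94  # printable ASCII characters excluding space


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` independent, uniformly random picks from
    `pool_size` symbols. Only valid for random choices, never for passwords
    a person made up."""
    return length * math.log2(pool_size)


def random_passphrase(words, n_words: int = 5, separator: str = "-") -> str:
    """Pick words with the `secrets` module (CSPRNG); `random.choice` is
    predictable and must not be used for credentials."""
    return separator.join(secrets.choice(words) for _ in range(n_words))


def has_composition_classes(password: str) -> bool:
    """True if the password contains lower, upper, digit and symbol classes,
    i.e. satisfies the classic 'complexity' rule."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return all(any(c in cls for c in password) for cls in classes)


def compare_policies() -> dict:
    """Entropy in bits for a few policies, assuming random generation."""
    return {
        "8 random printable chars, 4 classes": entropy_bits(PRINTABLE_NO_SPACE, 8),
        "4 random diceware words": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "5 random diceware words": entropy_bits(DICEWARE_LIST_SIZE, 5),
        "6 random diceware words": entropy_bits(DICEWARE_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{policy:40s} {bits:5.1f} bits")
    phrase = random_passphrase(SAMPLE_WORDS)
    print("example passphrase:", phrase, "| passes composition rules:", has_composition_classes(phrase))
    print("'Summer2024!' passes composition rules:", has_composition_classes("Summer2024!"))
```

Five random words (about 65 bits) beat eight fully random characters from all four classes (about 52 bits), and the passphrase fails the composition check while still being the stronger credential.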
Double-check other accounts using the same password
If you used your HauteLook password for other online services, assume criminals can log in to them too. Change those passwords as soon as possible, starting with the accounts that hold money, sensitive records, or the ability to reset everything else.
Consider prioritizing these accounts:
- Your primary email account (password resets for other services go there)
- Online banking and payment apps
- Health platforms
Enable multifactor authentication
Criminals will try the leaked password against your other accounts. Add a second factor so that a password alone is not enough to log in. Not all second factors are equal: SMS codes can be intercepted through SIM swapping, and one-time codes from an authenticator app can still be phished in real time, whereas a hardware security key or passkey (FIDO2/WebAuthn) is bound to the legitimate site and resists both. Use the strongest option each service offers, and keep any backup codes somewhere safe.
Monitor your accounts for suspicious activity
Regularly review your key accounts for unauthorized activity. To make this task easier, you can set up alerts for unusual login attempts and suspicious transactions.
Watch for phishing emails and scams
Treat unsolicited messages that address you by name, mention your birthday or location, or ask you to “verify” account details as suspect. Don’t follow links in such messages; open the site directly and check there.
How to protect your personal data going forward

Avoid including personal details in passwords or PINs
Don’t use your birthdate, the names of family members or pets, your address, or common patterns like “123456” that threat actors can easily guess.
Keep your unique passwords private
If you want to keep your accounts safe, use a password manager. These tools are good at generating strong, random passwords. The only downside is that you won’t be able to remember them (but that’s also the point). Avoid using your name, birthdate
Don’t save credit card info on shopping sites/accounts
Take the extra time to manually enter your card instead of storing it online.
Start using email masking
Tap into services such as Firefox Relay, SimpleLogin or DuckDuckGo Email Protection to create email aliases that you can freely use for multiple platforms while your real email remains hidden. This won’t retroactively protect your data if it was already exposed, but it will help reduce the risk of future breaches.
Update your software regularly
Hackers are always on the lookout for vulnerabilities in systems. Once a flaw has been discovered, software developers release updates to fix it and reduce the risk of your data being stolen. Update your applications regularly to prevent data theft.
Use privacy-first tools
These services can help you keep your data private:
- VPNs to hide your IP address
- Encrypted messengers for secure communication
- Privacy-focused search engines
Be cautious about sharing personal data
When your personal information is on public display, you are at risk. So if you can opt out of giving out your personal identifiers or location check-ins, do it.
Remove your information from the public web
Even if you protect your accounts, your personal information may still be visible on people-search sites available to anyone including threat actors. To reduce your data exposure, opt out of these websites yourself or use Onerep to help you find and remove your exposed data automatically from over 210 people-search sites and Google.
FAQs about HauteLook and its data breach
What happened to HauteLook?
In August 2018, the shopping website HauteLook was hacked, exposing 28 million accounts. This breach was part of a larger incident that resulted in 617 million records compromised across 16 websites.
Was HauteLook hacked?
Yes, hackers exploited a vulnerability in the system and gained unauthorized access to user data, including bcrypt-hashed passwords, names and email addresses, among other information.
Is it safe to shop with Nordstrom Rack (which absorbed HauteLook)?
Nordstrom Rack seems to be safe to shop with as long as you take common steps to protect your data, just as you would with any other website. This includes setting a strong password, enabling two-factor authentication and being cautious about sharing personal data online (use tools like Onerep to manage removal of your information from public sources for you automatically).
Mikalai is a Chief Technical Officer at Onerep. With a degree in Computer Science, he headed the developer team that automated the previously manual process of removing personal information from data brokers, making Onerep the industry’s first fully automated tool to bulk-remove unauthorized profiles from the internet.