HauteLook 2018 Data Breach

HauteLook Flash Sale Fashion Platform Breach (2018): 28 Million User Records Including Passwords, DOB & Location Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

RetailDate of BirthEmail AddressFull NameGenderGeographic LocationPassword
Low SeverityWebsite / service breach

HauteLook Flash Sale Fashion Platform Breach (2018): 28 Million User Records Including Passwords, DOB & Location Exposed

Online flash sale retailer.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: HauteLook · Actor: Unknown · Sources: 8 references
Attack: Unknown
Profile: Platform · Flash sale retail services · E-commerce marketplace · USA
Timeline: Breach (2018-08-07) · Indexed (Dec 01, 2024) · Year (2018)
Exposure: 28.5M records · 6 fields: Date of Birth, Email Address, Full Name, Gender, Geographic Location, Password
Status: Confirmed

Executive Summary

HauteLook, a flash sale fashion retailer operating under Nordstrom, suffered a data breach in mid-2018 that exposed records for approximately 28.5 million customer accounts. The breach was part of a wave of attacks targeting multiple e-commerce platforms around the same period. The stolen data was subsequently sold on dark web marketplaces in early 2019. The exposed information included email addresses, names, genders, dates of birth, geographic locations, and passwords. The passwords were stored as bcrypt hashes, a form of encryption that slows down cracking attempts but does not make them impossible. The combination of birthdate, location, and login credentials creates meaningful risk for affected customers, enabling phishing attacks, account takeover attempts, and impersonation scams. HauteLook's flash sale format, which creates urgency around time-limited offers, makes fake order or account alerts easier to make convincing. Nordstrom, as HauteLook's parent company, handled customer notifications and initiated password resets following disclosure of the breach. No prominent regulatory action or legal settlement specific to this incident has been publicly documented. Affected individuals should treat any email claiming to be from HauteLook or Nordstrom Rack with caution, particularly messages requesting login or payment details, and should update passwords on any other accounts where the same credentials were reused.

ObscureIQ assessment: Exposure enables phishing, order fraud, and affluent-customer targeting. Time-sensitive retail context can also make impersonation scams feel more legitimate.

Breach Impact

In mid-2018 HauteLook was among a group of e-commerce platforms whose data was compromised in a wave of breaches sold together on dark web marketplaces in early 2019. The exposed dataset for approximately 28.5 million accounts included email addresses, names, genders, geographic locations, dates of birth, and passwords. HauteLook notified users and initiated password resets. No settlement or significant regulatory action specific to this breach has been prominently documented. As the breach was disclosed under Nordstrom's ownership, Nordstrom handled the customer communication.

About HauteLook

HauteLook is an online flash sale retailer offering limited-time deals on fashion, beauty, and home goods from designer brands. It was acquired by Nordstrom in 2011 and now operates as part of Nordstrom's off-price digital commerce offering alongside Nordstrom Rack. The flash sale model positions limited inventory at discounted prices within short time windows to drive urgency-based purchasing.

Why They Hold Your Data

Flash-sale marketplaces collect customer identity, addresses, order history, payment-adjacent records, account activity, and brand-preference data tied to limited-time retail offers.

Recent Developments

HauteLook has continued operating within the Nordstrom portfolio. Nordstrom has been investing in its Rack and off-price channels as growth areas while managing its full-price store footprint. No major standalone HauteLook developments beyond the Nordstrom parent context have been prominently reported.

Data Points Exposed

6 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Geographic Location
Password Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Identity verification bypass using name + date of birth combination
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Pattern-of-life analysis & physical surveillance
  • Credential stuffing & account takeover

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the HauteLook breach?

HauteLook, a flash sale fashion retailer operating under Nordstrom, suffered a data breach in mid-2018 that exposed records for approximately 28.5 million customer accounts. The breach was part of a wave of attacks targeting multiple e-commerce platforms around the same period. The stolen data was…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Geographic Location, Password.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Dehashed
Independent catalogue listing
Cross-source
Hashmob
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation