We have recently been subject to an online security breach. We are taking this extremely seriously and wanted to provide you with details of the situation and how it might affect you. We also wanted to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again.

Questions & Answers

  1. How much data has been compromised?

    As a precautionary measure we are contacting up to two million of our registered website customers who could potentially be affected.

  2. Does this affect in-store membership personal information?

    We have no indication that in-store personal membership information has been compromised.

  3. What does the data include?

    The data includes some personal information such as first name, surname, addresses, email address and phone number if this was supplied. In a small number of instances, it may include encrypted data from expired credit and debit cards up to 2009. No further financial information has been shared.

  4. What about financial data?

    A small amount of encrypted data from expired credit and debit cards may have been compromised. We would like to make it clear that any payment card information that may have been taken, has long since expired as we stopped storing card data in 2009.

  5. Update: If I have sold items into CeX and chose to be paid via bank transfer, are these at risk?

    No, these are stored and fully encrypted.

  6. Update: I can see my bank details when I log into my Webuy account, are these at risk?

    No, these are stored and fully encrypted.

  7. What has happened to the data that has been compromised?

    We are aware that an unauthorised third party has accessed this data. We are working closely with the relevant authorities, including the police, with their investigation.

  8. What should I do?

    We advise that you change your webuy.com password, as well as any other online accounts where you may share the same password, as a precautionary measure.

  9. Why do I need to change my passwords?

    Although your password has not been stored in plain text, if it is not particularly complex then it is possible that in time, a third party could still determine your original password and could attempt to use it across other, unrelated services. As such, as a precautionary measure, we advise customers to change their password across other services where they may have re-used their WeBuy website password.

  10. Update: Will you be forcing a password change for all affected accounts?

    We have forced a password reset on all affected accounts that have yet to be changed.

  11. Can customers find out exactly what data has been shared about them?

    At this stage, it is not possible for us to share this information as we are still undergoing an investigation. At this stage, we are alerting all customers who might have been affected as a precaution.

  12. What security do you have in place to protect this data?

    We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats. Clearly however, additional measures were required to prevent such a sophisticated breach occurring and we have therefore employed a cyber security specialist to review our processes. Together we have implemented additional advanced measures of security to prevent this from happening again.

  13. I did not receive an email, am I affected?

    If you do not receive an email, your account is not affected.

If you have any questions, please don’t hesitate to email us at: guidance@webuy.com

Return to our website