We’ve heard from a few Birchboxers who have had their Birchbox account details updated without their consent. In some instances, their login credentials have been retrieved from an unaffiliated, third-party source. We are currently monitoring this and can confirm that Birchbox’s internal security has not been breached.
If you ever notice any suspicious activity on your account, please contact our Customer Care Team ASAP so we can look into it. We will be sure to to look into any unauthorised transactions and refund back to the cardholder as necessary. Only a small number of members encountered this issue, so if you haven’t seen anything unusual on your account no action is needed on your end.
We strongly encourage everyone to not reuse passwords across multiple online accounts as this makes you vulnerable to cyber attacks. Keeping your passwords as complex and different as possible is the best way you can help protect yourself from e-commerce fraud. Passwords with a minimum of 10 characters, as well as a mix of characters are the strongest.
Our engineering team are working hard to review all our security measures and investigate any areas that can be strengthened even further. Security is of utmost important to us here at Birchbox so please rest assured we are treating this very seriously and will take every step to ensure the safety of our lovely customers.
Thank you for your support as we continue to work to keep our online community a safe and secure place for all our Birchboxers!