eternal.hk Listed by lockbit5 Ransomware Group
Eternal Beauty Holdings Limited is the largest perfume group in China, including Hong Kong and Macau...
On June 13, 2026, LockBit5 added Eternal Beauty Holdings Limited — the largest perfume group operating across China, Hong Kong and Macau — to its public leak site, confirming that internal files had been exfiltrated during a ransomware attack.
Confirmed Facts from Reporting
Public reporting indicates the incident involves Eternal Beauty Holdings Limited, whose brands dominate the regional perfume and beauty retail market. The ransomware group posted proof of access on its onion site, listing the company under the entry dated June 13, 2026. Available reporting describes the data as internal files; the exact volume and full list of exposed records remain unconfirmed by the company. No customer count has been released, leaving an unknown number of individuals whose information may have been inside the stolen documents.
The breach follows the typical LockBit pattern of stealing data before encryption or during network access, then threatening publication unless a ransom is paid. As of the publication date on the leak site, the files had not yet been broadly distributed beyond the group’s portal.
Why This Matters for You and Your Family
When a major consumer-facing company like a perfume retailer suffers a breach, the information inside its systems often includes names, addresses, phone numbers, email accounts, purchase histories, and payment details of everyday customers. If you or anyone in your household has bought fragrance, skincare, or related products from Eternal Beauty brands in recent years, your details could be among the records now held by criminals.
Stolen customer data rarely stays isolated. It is sold, traded, and combined with other leaks to build profiles that enable identity theft, targeted phishing, or harassment. For families this can mean sudden spam calls to your mobile, fraudulent charges on cards you used for online orders, or strangers contacting your children through accounts linked to shared family emails.
The Doxxing and Identity-Chain Implications
Internal files frequently contain more than payment records. Employee directories, supplier contracts, customer loyalty databases, and marketing spreadsheets can link personal details to usernames, social-media handles, and even children’s names or school information. Once attackers possess these connections, they can follow the chain from one compromised account to the next.
Credential leaks like this one cascade into account takeovers on shopping sites, social platforms, and gaming services. A child’s gaming account tied to a parent’s breached email suddenly becomes an entry point for further doxxing. Public reporting shows these chains frequently lead to full identity exposure, including home addresses and family relationships that criminals then exploit for extortion or public harassment.
LockBit5’s Publicly Known Track Record
Public reporting attributes the current attack to LockBit5, the latest iteration of the LockBit ransomware operation. The group first emerged in 2019 and has repeatedly rebranded after law-enforcement actions. It has claimed responsibility for attacks on hospitals, manufacturers, financial firms, and retailers worldwide. Its typical playbook involves initial access through phishing or exploited remote-desktop services, followed by rapid exfiltration of sensitive files, deployment of ransomware to encrypt systems, and then dual extortion: demanding payment to decrypt and a second fee to prevent publication of the stolen data. LockBit5 continues this model, maintaining a leak site that publicly pressures victims with countdown timers.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
- Rotate any password you ever used on Eternal Beauty sites or related shopping accounts, and switch on 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
- Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing your own accounts.
The incident is a reminder that data stolen in one breach can surface months or years later in unexpected ways. Starting with clear steps now limits how far criminals can travel down the identity chain. DoxxScan by GalaxyWarden provides continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Using it promptly after incidents like the Eternal Beauty breach helps protect you and your family from the next stage of abuse.
Related breaches
Kevin Bao Lenguyen Listed by play Ransomware Group
United States…
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
azarestan.com Listed by apt73 Ransomware Group
azarestan.com (Azarestan Business Development Group) is a holding company based in Iran. Azaresta...…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →