Burning Shed security breach

Received the email from Burning Shed, regarding a security breach. Some customer information was compromised, but not any credit card info. They are asking all customers to log-in & change their passwords.

The site is currently off-line, likely with security going through things.

Here is some of the email I received:

Dear Burning Shed Customer

We are sorry to inform you of a breach of security breach here at Burning Shed that has resulted in the unauthorised disclosure of some personal data. You were not in the group of people affected by this but we felt it was important to let you know.

If you have used the same password you used on burningshed.com anywhere else, please change it immediately.

The breach was discovered on Friday 17th April 2020 and is likely to have taken place on the 18th December 2018.

A hacker managed to download a section of our customer database. This consisted of some email addresses, plus the encrypted passwords for those email addresses. Our IT experts do not believe that postal addresses or any other information was accessed. Your email address and password were not included in this download.

However, we know that the hackers did decrypt some of the account passwords. We do not think your password was compromised but if you have used your Burning Shed password on anywhere else online then we recommend that you change it as soon as possible (especially if you also use the same email address to login to that site).

We can however guarantee that no payment information of any kind was compromised as part of this breach. We do not hold any of your credit card or PayPal details on our database. They have not been compromised. You do NOT need to cancel your credit card or PayPal account.

.