A heads up to anybody who has shopped at Sparesbox in the past.
Today I have received at two email addresses used only to shop at Sparesbox emails from "Mary" stating "%%EmailAddress%%, it is Mary!" and "%%FirstName%%, I am Mary."
I have a domain name where I have a catch-all address setup so I commonly use an email address for each account on each website. The email addresses exposed were only used on Sparesbox, ever.
I am not sure what other information has been exposed but so far I can tell that first names and email addresses have.
Websites need to hold their customers' data more securely and be held accountable for breaches like this.