Hackers broke into Hims & Hers’ support system and took customer data. Here’s what happened, what was taken, and how to stay safe from scams that may follow.
Table of Contents
What Happened
In a notice filed with California authorities, the company said hackers accessed its external ticketing platform between February 4 and February 7. The platform handles customer questions, requests, and support conversations.
During that time, hackers accessed and stole data from users’ support tickets. These tickets often include personal details people share when asking for help with their accounts, prescriptions, or services.
In many similar cases, criminals pressure companies by threatening to make stolen data public. However, Hims & Hers said it has not received any messages from the attackers, including ransom demands.
How This Happened
The telehealth company said hackers used a social engineering attack.
Instead of using a technical weakness, the attackers targeted people. They tricked employees into giving them access to the system.
These attacks often rely on impersonation — for example, pretending to be a coworker, a partner, or an urgent internal request. The goal is simple: convince someone to open the door.
After gaining access, the attackers moved inside the system and collected data without triggering immediate alarms.
What Data Was Stolen, and How Many People Were Affected
Hims & Hers said the stolen data includes:
- Customer names
- Email addresses
- Contact information
- Other personal details
It also noted that hackers did not access medical records.
However, support messages can still include sensitive details. People may share account information, health-related questions, or other private data when contacting support.
It’s still unclear how many people were affected by the breach. Under California law, companies must disclose breaches involving more than 500 residents, but Hims & Hers has not shared an exact number.
Why Hackers Target Customer Support Systems
Hackers increasingly target customer support platforms because they store real conversations with users — often including personal details, which makes them valuable.
In addition, companies may not protect these platforms as well as their main systems. As a result, attackers can sometimes gain access by manipulating employees — for example, by tricking them into sharing login details or approving access requests.
This type of attack is becoming more common. Research shows that many attackers pose as IT support to trick customer service staff into giving access to internal systems and steal data.
Futureproof monitors data leaks and helps you fix issues early. Get started today to protect your peace of mind all year long.
What Scams May Happen Next — and How to Stay Safe
Even without medical records, this breach still matters.
Hackers can use names, emails, and contact details in phishing attacks, scam messages, or account takeovers.
The takeaway is simple: What you share in support messages can become valuable if attackers breach the system.
What to do to protect yourself:
- Be cautious with unexpected emails or messages, even if they look familiar.
- Don’t download attachments unless you’re sure they’re real.
- Go directly to the official website instead of clicking links in messages.
- Watch for requests asking you to “verify” or “update” your details.
- Be careful with password reset emails or login alerts.
Pause and check — it’s one of the easiest ways to stay safe.
At Futureproof, Kevin makes online safety feel human with clear steps, real examples, and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
