Millions of Hot Topic shoppers have data stolen by "Satanic" hacker

Trending 1 month ago
Shadowed hands connected a integer inheritance reaching for a login prompt.
Image Credit: Shutterstock (Image credit: Shutterstock)

Cybersecurity researchers from Hudson Rock declare nan world has conscionable witnessed nan “largest unit information breach successful history” pursuing an evident breach astatine US concatenation Hot Topic.

In a caller investigation report, nan researchers said a threat character othername ‘Satanic’ precocious advertised nan waste of a awesome database connected nan infamous Breached forum.

The archive belongs to 3 companies: Hot Topic, Box Lunch, and Torrid, each of which were founded by Hot Topic, and reportedly contains 350 cardinal customers’ PII, including names, emails, addresses, telephone numbers, and birthdates, on pinch billions of costs details, including nan past 4 digits of customers’ in installments cards, paper types, hashed expiration dates, and relationship holder names, and billions of Hot Topic and Box Lunch loyalty points.

Snowflake and MFA

Drilling deeper, nan researchers discovered that nan breach originated from a machine belonging to a Robling employee. Robling is simply a institution specializing successful providing precocious information analytics and integration solutions for unit and multi-location businesses.

Apparently, nan employee’s instrumentality was infected pinch malware successful September 2024, which resulted successful nan theft of much than 240 credentials, including immoderate apparently linked to unreality retention work providers, Snowflake. Those pinch amended representation will retrieve a ample incident this spring, erstwhile hundreds of Snowflake customers were deed pinch credential stuffing and brute-force attacks, starring to nan theft of immense amounts of delicate information.

In this case, nan threat character was free to entree nan Snowflake relationship and drawback nan accusation stored there. “Lastly, Satanic claimed, we emphasize, nan hacker CLAIMED, that nan breach originated from a deficiency of MFA connected a Snowflake relationship on pinch “other links”,” Hudson Rock said.

Anyone willing successful getting their hands connected this database should beryllium fresh to salary nan asking value of $20,000. Alternatively, Hot Topic tin person nan thread removed from nan forums for $100,000.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Via The Register

More from TechRadar Pro

  • Hundreds of Snowflake customers whitethorn person been deed by breach that stole "significant" data
  • Here's a database of nan best firewalls today
  • These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

More
Source Technology
Technology