Hot Topic Leak: 25 Million Cards at Risk of Hacking in the Coming Days

Information about buyers is posted on an online forum.

Atlas Privacy, a data breach analysis company, has confirmed a major data breach at the Hot Topic fashion store chain. Based on the results of the analysis of the stolen database, the company's specialists established the real scale of the incident, which turned out to be less significant than the hacker initially claimed.

The 730 GB database contains information on 54 million unique email addresses, not 350 million users as previously claimed.

Of particular concern, however, is the presence in the database of 25 million credit card numbers protected by weak encryption. According to Atlas software engineer and researcher Arnaud de Saint-Meloir, the decryption of the entire data set can be carried out in the coming days.

Experts note that the chain of stores used outdated security protocols to store credit card data instead of using more reliable third-party service providers. The authenticity of the stolen database is confirmed by the presence of many new email addresses not previously found in other leaks. Atlas Privacy estimates that more than 50% of addresses are unique.

In addition to email addresses, the stolen database contains the full names, phone numbers and dates of birth of more than 20 million users, as well as the home addresses of 10 million customers. The stolen data covers the period from 2011 to October 19, 2024, so some of the information may not be relevant. However, in the hands of attackers, such information can be used for fraud and identity theft.

So that users can check whether they are affected, Atlas Privacy has created a dedicated service on the Databreach.com website. The service lets you check whether your personal information is present in the stolen database by entering your email, phone number, full name, or address. Sensitive data is not transmitted to Atlas servers or stored; instead, a hash fingerprint of the entered information is created and compared against a copy of the database.
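A sketch of how a fingerprint-based exposure check of this kind can work, added here as an illustration and not taken from Atlas Privacy or Databreach.com. The SHA-256 digest, the normalization rules, the field-type prefix and all function names are assumptions, and the sample records are constructed.

```python
import hashlib
import re
import unicodedata

def normalize(kind: str, value: str) -> str:
    """Canonicalise input so the same identifier always yields the same digest."""
    value = unicodedata.normalize("NFKC", value).strip()
    if kind == "email":
        return value.lower()
    if kind == "phone":
        return re.sub(r"\D", "", value)  # keep digits only
    if kind in ("name", "address"):
        return re.sub(r"\s+", " ", value).casefold()
    raise ValueError(f"unsupported field type: {kind}")

def fingerprint(kind: str, value: str) -> str:
    """Client side: hash locally so only the digest has to leave the device."""
    data = f"{kind}:{normalize(kind, value)}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def build_index(records):
    """Service side: hold fingerprints of the breach records, not raw values."""
    return {fingerprint(kind, value) for kind, value in records}

def is_exposed(index, kind: str, value: str) -> bool:
    """True when the fingerprint of the entered value is in the index."""
    return fingerprint(kind, value) in index

# Constructed sample records (not real breach data).
SAMPLE_RECORDS = [
    ("email", "Alice@Example.com"),
    ("phone", "+1 (555) 010-0199"),
    ("name", "Alice  Example"),
]
INDEX = build_index(SAMPLE_RECORDS)

if __name__ == "__main__":
    queries = [("email", " alice@example.com "), ("phone", "1-555-010-0199"),
               ("email", "bob@example.com")]
    for kind, value in queries:
        status = "found" if is_exposed(INDEX, kind, value) else "not found"
        print(f"{kind}: {value.strip()} -> {status}")
```

Both sides must apply identical normalization, otherwise a real match is missed. An unsalted digest of a low-entropy value such as a phone number can be recovered by enumeration, so the fingerprint should be handled as sensitive data in its own right.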

According to preliminary data, the leak occurred through Robling, a company that provides retail analytics services. The attacker, known by the aliases "Satanic" and "Dark X", gained access to credentials for the Hot Topic database after infecting Robling systems with malicious software. The database may also contain customer data of Hot Topic's subsidiary brands, BoxLunch and Torrid.

At the time of publication, representatives of Hot Topic and Robling did not provide comments on the incident. The hacker continues to sell access to the stolen database, lowering the price from the original $20,000 to $4,000. Allegedly, the company collected personal data through a loyalty program that requires you to provide an email and phone number when registering.
