Have I Been Pwned (HIBP) warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. Hot Topic is an American retail chain specializing in counterculture-related clothing, accessories, and licensed music merchandise. The company operates over 640 stores across the United States and Canada, primarily located in shopping malls, and has a vast customer base. According to HIBP, the exposed details include full names, email addresses, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card data for Hot Topic[1], Box Lunch, and Torrid customers.[2]
The security incident was initially claimed on BreachForums by a threat actor named "Satanic" on 21 October 2024. The threat actor claimed to have stolen 350 million user records from Hot Topic and its related brands, Box Lunch and Torrid. "Satanic" was attempting to sell the database for $20,000 while also demanding a ransom payment of $100,000 from Hot Topic to remove the listing from the forums.
A report from HudsonRock published on 23 October 2024 suggested that the breach may have originated from an information stealer malware infection that stole credentials for a data unification service used by Hot Topic. While Hot Topic has remained silent, and no notifications were sent to potentially impacted customers, data analytics firm Atlas Privacy reported last week that the 730GB database impacts 54 million customers.
Atlas clarified that the dataset contains 25 million credit card numbers encrypted with a weak cipher that's easy to break using modern computers. Although Atlas is not 100% certain the database belongs to Hot Topic, it noted that nearly half of all email addresses were not seen in previous breaches, further supporting the legitimacy of the threat actor's claims. Altas says the breach appears to have occurred on 19 October 2024, and the data spans from 2011 until that date. The firm has set up a site that allows Hot Topic customers to check if their email address or phone number is exposed in the data leak.
The threat-actor continues to sell the database, albeit at a lower price of $4,000. Potentially impacted Hot Topic customers should stay vigilant for phishing attacks, monitor their financial accounts closely for suspicious activity, and change their passwords on every platform where they use the same credentials.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[2] https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/
Comments