{"id":27854,"date":"2024-10-24T19:33:00","date_gmt":"2024-10-24T19:33:00","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=27854"},"modified":"2024-10-24T19:33:00","modified_gmt":"2024-10-24T19:33:00","slug":"hot-topic-data-breach-350-million-customers","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/hot-topic-data-breach-350-million-customers\/","title":{"rendered":"Hot Topic Data Breach Exposes 350 Million Customers"},"content":{"rendered":"<p><strong>A data breach at the well-known US retailer Hot Topic<\/strong> has leaked a selection of personally identifiable information of 350 million of the chain\u2019s customers. This worrying conclusion comes from a database posted for sale on one of the Darknet forums. The breach likely affects not only the company itself, but also its subsidiaries \u2013 Box Lunch and Torrid. Analysts already describe this data leak as one of the biggest to come from a corporation.<\/p>\n<h2>Hot Topic Hacked, 350 Million Customers\u2019 Data Exposed<\/h2>\n<p>In the breach published on October 21, 2024 on BreachForum by a threat actor nicknamed Satanic, personal information of 350 million customers and employees is offered for sale at a price of just $20,000. For Hot Topic themselves, however, the price tag is 5x that \u2013 $100,000 for deleting the forum thread completely. The hacker does not disclose how they breached the company, but shares quite extensive samples that allow us to judge the scale and potential impact. 
Spoiler \u2013 it is tremendous.<\/p>\n<figure id=\"attachment_27855\" aria-describedby=\"caption-attachment-27855\" style=\"width: 1731px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post.png\" alt=\"Hot Topic Breachforum\" width=\"1731\" height=\"833\" class=\"size-full wp-image-27855\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post.png 1731w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post-300x144.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post-1024x493.png 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post-768x370.png 768w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post-1536x739.png 1536w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hot-topic-hacked-forum-post-860x414.png 860w\" sizes=\"auto, (max-width: 1731px) 100vw, 1731px\" \/><figcaption id=\"caption-attachment-27855\" class=\"wp-caption-text\">Post regarding the Hot Topic hack on BreachForum<\/figcaption><\/figure>\n<p>Contrary to what usually happens with <a href=\"https:\/\/gridinsoft.com\/darknet\">Darknet leaks<\/a>, the Hot Topic breach contains more than just usernames, emails and similar basic information. Leak samples offered by the hacker <strong>show complete addresses, emails, phone numbers and extensive payment information<\/strong> (including holder info and card details). The list goes on with account IDs and in-chain loyalty points tied to the corresponding accounts. 
The latter may come in handy if the hackers (or someone who has purchased the leaked DB) try to take over the accounts.<\/p>\n<figure id=\"attachment_27857\" aria-describedby=\"caption-attachment-27857\" style=\"width: 1000px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/user-data-hottopic.png\" alt=\"User data Hot Topic Torrid BoxLunch breach\" width=\"1000\" height=\"276\" class=\"size-full wp-image-27857\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/user-data-hottopic.png 1000w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/user-data-hottopic-300x83.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/user-data-hottopic-768x212.png 768w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/user-data-hottopic-860x237.png 860w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-27857\" class=\"wp-caption-text\">User records with heaps of personal data, present in one of the logs<\/figcaption><\/figure>\n<p>Aside from customers\u2019 information, the breach also contains data of employees of Hot Topic and of Torrid and BoxLunch \u2013 subdivisions of the company. This part of the breach is generally limited to email addresses and full names \u2013 not too much to brag about. 
Still, this exact part of the breach was the key that let analysts investigate its origins.<\/p>\n<h2>How Was Hot Topic Hacked?<\/h2>\n<p>Although Satanic is (as expected) quite secretive about how they carried out the breach, Hudson Rock Infostealers\u2019 analysts <a href=\"https:\/\/www.infostealers.com\/article\/largest-retail-breach-in-history-350-million-hot-topic-customers-personal-and-payment-data-exposed-as-a-result-of-infostealer-infection\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">managed to do a pretty good job<\/a> of analyzing the clues present in the logs. They also communicated with the hacker on certain details, confirming their suspicions (though not trusting the hacker&#8217;s words entirely).<\/p>\n<p>So, as far as the analysis goes, the point of initial access was the PC of an outsourced agent working for the big data analysis company Robling. The latter does data analysis for Hot Topic and its subsidiaries, and so requires access to the company\u2019s cloud storage. By infecting this system with an undisclosed <a href=\"https:\/\/gridinsoft.com\/spyware\">infostealer malware<\/a>, the hacker managed to extract about 240 credentials stored in the system. 
Among them were login credentials for the Hot Topic and Torrid Snowflake environments.<\/p>\n<figure id=\"attachment_27856\" aria-describedby=\"caption-attachment-27856\" style=\"width: 875px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/robling-hottopic.png\" alt=\"Robling connections Hot Topic\" width=\"875\" height=\"422\" class=\"size-full wp-image-27856\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/robling-hottopic.png 875w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/robling-hottopic-300x145.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/robling-hottopic-768x370.png 768w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/robling-hottopic-860x415.png 860w\" sizes=\"auto, (max-width: 875px) 100vw, 875px\" \/><figcaption id=\"caption-attachment-27856\" class=\"wp-caption-text\">Accesses of a Robling employee, who was the starting point of the hack<\/figcaption><\/figure>\n<p>And that is it \u2013 <strong>from that point on, Satanic had access to all the internal data of the company<\/strong>. It apparently took some time to browse and extract all the data, but that is all \u2013 no super-fancy movie-like hacking, just an infostealer that did all the dirty work.<\/p>\n<h2>What should I do?<\/h2>\n<p>If you are a customer of one of these three companies, <strong>I\u2019d advise you to migrate your shop accounts to a different email address<\/strong>. This way, you will protect your loyalty points from being spent by someone else. With card data and other sensitive information, however, things are much more complicated.<\/p>\n<p>You are unlikely to be able to change or remove this information at the company, especially considering it was already stolen. 
With this information, hackers can create invoices charged to your payment card, and then obtain the confirmation codes through various phishing methods. For that reason, I\u2019d recommend setting a low daily payment limit and carefully tracking the codes and requests that come to your phone or email. Report any suspicious cases to your bank\u2019s security team, should they appear, and never follow instructions that ask you to enter a confirmation code if you are not the one who requested it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data breach of a known US retailer Hot Topic leaks a selection of personally identifiable information of 350 million chain\u2019s customers. Such a worrying conclusion comes from the database posted for sale on one of the Darknet forums. 
The breach likely touches not only the company itself, but also its subsidiaries \u2013 Box Lunch and [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":27859,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[619,697],"class_list":{"0":"post-27854","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-cybersecurity","9":"tag-data-breach"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/10\/hottopic-data-breach-featured.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/27854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=27854"}],"version-history":[{"count":2,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/27854\/revisions"}],"predecessor-version":[{"id":27860,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/27854\/revisions\/27860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/27859"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=27854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=27854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=27854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}