The Information Highway

The Information Highway

Font size: +
2 minutes reading time (394 words)

Retail chain Hot Topic discloses wave of credential-stuffing attacks

American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers. 

Hot Topic is a retail chain specialized in counter-culture clothing and accessories, and licensed music, that has 675 stores across the U.S. It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb.

In a data breach notification today, the company explained that hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data, too.

"We recently identified suspicious login activity to certain Hot Topic Rewards accounts," reads the notice.

"Following a careful investigation, we determined that unauthorized parties launched automated attacks against our website and mobile application on February 7, March 11, May 19-21, May 27-28, and June 18-21, 2023, using valid account credentials obtained from an unknown third-party source."

by Hot Topic

The company says that the investigation determined that Hot Topic was not the source of the credentials but it could also not find the source.

As part of the security measures implemented after the attacks, Hot Topic added "specific steps to safeguard our website and mobile application from" credential-stuffing attacks.

"Credential stuffing" is a type of cyberattack that relies on users employing the same credentials on multiple online services. When a leak or data breach occurs, threat actors typically test those username and password pairs on various online services, hoping they get a successful login.

Hot Topic said that it could not discern between unauthorized and legitimate logins. As a result, it will notify all customers that had their accounts accessed during the cyberattacks.

The information that may have been exposed to hackers includes:

  • Full name
  • Email address
  • Order history
  • Phone number
  • Date of birth
  • Shipping address
  • Four last digits of saved payment cards


The company has clarified that malicious access or exfiltration of the above information has not yet been verified, but it is notifying potentially breached account holders out of an abundance of caution.

Hot Topic also sends emails to impacted customers containing instructions on resetting account passwords, advising them to pick a strong and unique password. 

If you are a Hot Topic customer, resetting your account credentials on other platforms where you might be using the same credentials would be wise.

Hackers exploited Salesforce zero-day in Facebook ...
Cybercriminals train AI chatbots for phishing, mal...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023