The Information Highway

The Information Highway

Font size: +
1 minute reading time (295 words)

Retail chain Hot Topic hit by new credential stuffing attacks

American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.

The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company's headquarters, and two distribution centers. 

In credential stuffing attacks, cybercriminals use automated tools to trigger millions of login attempts using a list of username and password pairs. The technique is particularly effective when users reuse the same login information across multiple platforms.

Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.

"We determined that unauthorized parties launched automated attacks against our website and mobile application on November 18-19 and November 25, 2023, using valid account credentials (e.g., email addresses and passwords) obtained from an unknown third-party source," Hot Topic said.

"Based on our investigation to date, we are not able to determine which, if any, accounts were accessed by unauthorized third parties as opposed to legitimate customer logins during the relevant time periods." 

Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.

"We determined that unauthorized parties launched automated attacks against our website and mobile application on November 18-19 and November 25, 2023, using valid account credentials (e.g., email addresses and passwords) obtained from an unknown third-party source," Hot Topic said.

"Based on our investigation to date, we are not able to determine which, if any, accounts were accessed by unauthorized third parties as opposed to legitimate customer logins during the relevant time periods."

Vultur banking malware for Android poses as McAfee...
Cisco warns of password-spraying attacks targeting...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 18 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023