Wilson's Media

A Tech & Gaming Blog

Millions of Hot Topic shoppers have data stolen by “Satanic” hacker

Cybersecurity researchers from Hudson Rock claim the world has just witnessed the “largest retail data breach in history” following an apparent breach at US chain Hot Topic.

In a new research report, the researchers said a threat actor alias ‘Satanic’ recently advertised the sale of a major database on the infamous Breached forum.

The archive belongs to three companies: Hot Topic, Box Lunch, and Torrid, all of which were founded by Hot Topic, and reportedly contains 350 million customers’ PII, including names, emails, addresses, phone numbers, and birthdates, along with billions of payment details, including the last 4 digits of customers’ credit cards, card types, hashed expiration dates, and account holder names, and billions of Hot Topic and Box Lunch loyalty points.

Snowflake and MFA

Drilling deeper, the researchers discovered that the breach originated from a computer belonging to a Robling employee. Robling is a company specializing in providing advanced data analytics and integration solutions for retail and multi-location businesses.

Apparently, the employee’s device was infected with malware in September 2024, which resulted in the theft of more than 240 credentials, including some apparently linked to cloud storage service providers, Snowflake. Those with better memory will remember a large incident this spring, when hundreds of Snowflake customers were hit with credential stuffing and brute-force attacks, leading to the theft of huge amounts of sensitive information.

In this case, the threat actor was free to access the Snowflake account and grab the information stored there. “Lastly, Satanic claimed, we emphasize, the hacker CLAIMED, that the breach originated from a lack of MFA on a Snowflake account along with “other links”,” Hudson Rock said.

Anyone interested in getting their hands on this database should be ready to pay the asking price of $20,000. Alternatively, Hot Topic can have the thread removed from the forums for $100,000.

Via The Register

More from TechRadar Pro


Source

Cybersecurity researchers from Hudson Rock claim the world has just witnessed the “largest retail data breach in history” following an apparent breach at US chain Hot Topic. In a new research report, the researchers said a threat actor alias ‘Satanic’ recently advertised the sale of a major database on the…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives