Cybersecurity researchers from Hudson Rock have recently uncovered what they believe to be the “largest retail data breach in history”, affecting US chain Hot Topic. According to their latest research report, a threat actor known as ‘Satanic’ was found advertising a significant database for sale on the notorious Breached forum.
The database in question reportedly contains the personal information of 350 million customers from three companies: Hot Topic, Box Lunch, and Torrid. This includes sensitive data such as names, emails, addresses, phone numbers, and birthdates, as well as billions of payment details like the last 4 digits of credit cards, card types, hashed expiration dates, and account holder names, plus billions of loyalty points from Hot Topic and Box Lunch.
Further investigation by the researchers revealed that the breach originated from a computer linked to an employee at Robling, a company specializing in providing advanced data analytics and integration solutions for retail and multi-location businesses. It was discovered that the employee’s device was infected with malware back in September 2024, leading to the theft of over 240 credentials, some of which were reportedly associated with cloud storage service provider Snowflake.
This incident raises concerns about the security measures implemented by Snowflake, especially given a previous incident earlier in the year where numerous customers faced credential stuffing and brute-force attacks resulting in the theft of sensitive information. The threat actor ‘Satanic’ apparently gained access to the Snowflake account and was able to extract the stored information.
According to Hudson Rock, ‘Satanic’ claimed that the breach was facilitated by a lack of Multi-Factor Authentication (MFA) on the Snowflake account, among other vulnerabilities. The hacker is demanding $20,000 from anyone interested in obtaining the database, while Hot Topic has the option to have the thread removed from the forums for $100,000.
This breach highlights the importance of implementing robust cybersecurity measures, such as MFA, to protect sensitive data from malicious actors. Organizations must remain vigilant and continuously assess their IT infrastructure to prevent such incidents in the future.
For more information, you can visit The Register’s article on the ‘Satanic’ data breach from October 23, 2024.