Cybersecurity researchers at Hudson Rock claim the world has just witnessed the “largest retail data breach in history” following an apparent breach at US chain Hot Topic.
In a new investigative report, researchers say that a threat actor using the alias ‘Satanic’ recently advertised the sale of a large database on the infamous Breached forum.
The archive belongs to three companies: Hot Topic, Box Lunch, and Torrid, all of which were founded by Hot Topic. It reportedly contains the PII of 350 million customers, including names, email addresses, phone numbers, and dates of birth, along with billions in payment data, including the last four digits of customers’ credit cards, card types, hashed expiration dates and account holder names, and billions of Hot Topic and Box Lunch loyalty points.
Snowflake and MFA
Digging deeper, researchers discovered that the breach came from a computer belonging to a Robling employee. Robling is a company that specializes in providing advanced data analytics and integration solutions for retail and multi-location businesses.
Apparently, the employee’s device was infected with malware in September 2024, resulting in the theft of more than 240 credentials, including some apparently linked to cloud storage service provider Snowflake. Those with better memories will remember a major incident this spring, when hundreds of Snowflake customers were hit by credential stuffing and brute-force attacks, leading to the theft of massive amounts of sensitive information.
In this case, the threat actor was free to access the Snowflake account and obtain the information stored there. “Finally, Satanic claimed, we emphasize, the hacker CLAIMED, that the breach stemmed from a lack of MFA on a Snowflake account along with ‘other links,’” Hudson Rock said.
The threat actor is asking $20,000 for the database. Alternatively, Hot Topic can have the thread removed from the forum for $100,000.
Via The Register