- Hot Topic data breach effects continue to emerge
- Leaked dataset reportedly includes encrypted credit card numbers
- Threat actor ‘Satanic’ has claimed responsibility
Breach notification site Have I Been Pwned has confirmed the personal data of 56,904,909 users was found online, leaked from Hot Topic, Torrid, and Box Lunch customers.
Threat actor ‘Satanic’ claimed responsibility for the breach, which was allegedly carried out through an infostealer infection, and made possible by weak security practices.
The dataset is reportedly on sale for $20,000 (although this has since been lowered to $4,000) and the hackers are demanding a $100,000 ransom from Hot Topic to remove the listing from the forums. Apparently, no notifications have been sent to customers as of yet.
Risk of identity theft
The leak reportedly occurred on October 19, but the data spans back all the way to 2011, so if you’ve used the Hot Topic website since then, we recommend being vigilant with your information just in case.
The data is said to have included email addresses, encrypted credit card numbers, physical addresses, and email addresses.
Reports suggest an employee’s device was infected with malware, which resulted in the theft of more than 240 credentials, leading to the extensive data breach.
When a person is affected by a data breach, the worry is that a threat actor may purchase their details and use them to commit identity theft. We’ve listed the best identity theft protections to help keep you safe.
Via BleepingComputer