Millions of Hot Topic’s customers’ personal information was just made public due to a serious data breach. According to Have I Been Pwned (HIBP), a service that monitors and notifies consumers of data breaches, 57 million Hot Topic customers’ data was compromised in a hack on October 19. These clients have since been informed of the incident by HIBP; however, Hot Topic has not confirmed the breach or issued a public statement, despite TechCrunch’s repeated attempts to contact them for comment.
Sensitive consumer information like email addresses, physical addresses, phone numbers, past purchases, gender, and birthdate are among the compromised data. Furthermore, details on partial payments, including credit card kinds, expiration dates, and card numbers’ last four digits, were also affected.
The hacker, identified as “Satanic,” is accused of carrying out the attack. He took credit for it on October 21 in a post on the well-known cybercrime forum BreachForums. Satanic first asserted that it had accessed 350 million records from Hot Topic as well as related brands like Torrid and Box Lunch. To keep the database from being made public, the hacker first tried to sell it for $20,000 and even sought a $100,000 ransom from Hot Topic. However, recent forum discussions indicate that the price was later lowered to $3,500.
The hacker might have gained access to an analytics platform linked to Hot Topic’s cloud infrastructure by using credentials taken via infostealer malware, according to cybersecurity firm Hudson Rock. Both the precise technique and Hot Topic’s response strategy are still unknown.
As of right now, Hot Topic has not disclosed the breach to any state solicitor general offices or impacted consumers. The business, which has more than 640 locations in the US, is under growing pressure to resolve the issue and safeguard the data of its clients.