Hot Topic Under Attack

Hot Topic is a US retail chain specialised in counter-culture clothing and accessories, and licensed music of rock, and video game-themed apparel and accessories, that has 675 stores across the US, has been cyber hacked.

It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb.

The series of breaches that occurred between Feb. 7 and June 21 were the result of automated credential stuffing attacks against the company’s website and mobile application, Hot Topic said in a data breach notification, which was filed recently in California.

In a data breach notification recently, the company explained that hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data, too.

The company says that the investigation determined that Hot Topic was not the source of the credentials but it could also not find the source.

Credential stuffing attacks see malicious actors use login information stolen during data breaches to gain access to other accounts belonging to victims. They do this by using automated systems to “stuff” the credentials into online sites with the hope that victims have resused passwords across multiple sites.  

As part of the security measures implemented after the attacks, Hot Topic added "specific steps to safeguard our website and mobile application from" credential-stuffing attacks.

“Credential stuffing” is a type of cyberattack that relies on users employing the same credentials on multiple online services. When a leak or data breach occurs, threat actors typically test those username and password pairs on various online services, hoping they get a successful login.

Hot Topic said that it could not discern between unauthorised and legitimate logins. As a result, it will notify all customers that had their accounts accessed during the cyberattacks.

The information that may have been exposed to hackers includes:

  • Full name
  • Email address
  • Order history
  • Phone number
  • Date of birth
  • Shipping address
  • Four last digits of saved payment cards

The company has clarified that malicious access or exfiltration of the above information has not yet been verified, but it is notifying potentially breached account holders out of an abundance of caution.

Hot Topic also sends emails to impacted customers containing instructions on resetting account passwords, advising them to pick a strong and unique password.

If you are a Hot Topic customer, resetting your account credentials on other platforms where you might be using the same credentials would be wise.

Hot Topic says for more Information contact them:
Call toll-free 1-800-892-8674 between the hours of 9 a.m. to 5 p.m. Pacific Time.

Bleeping Computer:     TEISS:     Retail Dive:     OAG.CA:     Cyber Security Hub:     Cyberwire

 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible

« Online Safety Act Places US Adults At Risk
Threads Loses 50% Of It’s Users »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Cyberia Group

Cyberia Group

Cyberia is a leading Internet and Security services provider with operations in Saudi Arabia, Lebanon and Jordan.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Token

Token

Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication.