Hot Topic Under Attack
Hot Topic is a US retail chain specialised in counter-culture clothing and accessories, and licensed music of rock, and video game-themed apparel and accessories, that has 675 stores across the US, has been cyber hacked.
It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb.
The series of breaches that occurred between Feb. 7 and June 21 were the result of automated credential stuffing attacks against the company’s website and mobile application, Hot Topic said in a data breach notification, which was filed recently in California.
In a data breach notification recently, the company explained that hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data, too.
The company says that the investigation determined that Hot Topic was not the source of the credentials but it could also not find the source.
Credential stuffing attacks see malicious actors use login information stolen during data breaches to gain access to other accounts belonging to victims. They do this by using automated systems to “stuff” the credentials into online sites with the hope that victims have resused passwords across multiple sites.
As part of the security measures implemented after the attacks, Hot Topic added "specific steps to safeguard our website and mobile application from" credential-stuffing attacks.
“Credential stuffing” is a type of cyberattack that relies on users employing the same credentials on multiple online services. When a leak or data breach occurs, threat actors typically test those username and password pairs on various online services, hoping they get a successful login.
Hot Topic said that it could not discern between unauthorised and legitimate logins. As a result, it will notify all customers that had their accounts accessed during the cyberattacks.
The information that may have been exposed to hackers includes:
- Full name
- Email address
- Order history
- Phone number
- Date of birth
- Shipping address
- Four last digits of saved payment cards
The company has clarified that malicious access or exfiltration of the above information has not yet been verified, but it is notifying potentially breached account holders out of an abundance of caution.
Hot Topic also sends emails to impacted customers containing instructions on resetting account passwords, advising them to pick a strong and unique password.
If you are a Hot Topic customer, resetting your account credentials on other platforms where you might be using the same credentials would be wise.
Hot Topic says for more Information contact them:
Call toll-free 1-800-892-8674 between the hours of 9 a.m. to 5 p.m. Pacific Time.
Bleeping Computer: TEISS: Retail Dive: OAG.CA: Cyber Security Hub: Cyberwire
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible