Hot Topic Under Attack

Uploaded on 2023-08-10 in FREE TO VIEW

Hot Topic is a US retail chain specialised in counter-culture clothing and accessories, and licensed music of rock, and video game-themed apparel and accessories, that has 675 stores across the US, has been cyber hacked.

It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb.

The series of breaches that occurred between Feb. 7 and June 21 were the result of automated credential stuffing attacks against the company’s website and mobile application, Hot Topic said in a data breach notification, which was filed recently in California.

In a data breach notification recently, the company explained that hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data, too.

The company says that the investigation determined that Hot Topic was not the source of the credentials but it could also not find the source.

Credential stuffing attacks see malicious actors use login information stolen during data breaches to gain access to other accounts belonging to victims. They do this by using automated systems to “stuff” the credentials into online sites with the hope that victims have resused passwords across multiple sites.  

As part of the security measures implemented after the attacks, Hot Topic added "specific steps to safeguard our website and mobile application from" credential-stuffing attacks.

“Credential stuffing” is a type of cyberattack that relies on users employing the same credentials on multiple online services. When a leak or data breach occurs, threat actors typically test those username and password pairs on various online services, hoping they get a successful login.

Hot Topic said that it could not discern between unauthorised and legitimate logins. As a result, it will notify all customers that had their accounts accessed during the cyberattacks.

The information that may have been exposed to hackers includes:

  • Full name
  • Email address
  • Order history
  • Phone number
  • Date of birth
  • Shipping address
  • Four last digits of saved payment cards

The company has clarified that malicious access or exfiltration of the above information has not yet been verified, but it is notifying potentially breached account holders out of an abundance of caution.

Hot Topic also sends emails to impacted customers containing instructions on resetting account passwords, advising them to pick a strong and unique password.

If you are a Hot Topic customer, resetting your account credentials on other platforms where you might be using the same credentials would be wise.

Hot Topic says for more Information contact them:
Call toll-free 1-800-892-8674 between the hours of 9 a.m. to 5 p.m. Pacific Time.

Bleeping Computer:     TEISS:     Retail Dive:     OAG.CA:     Cyber Security Hub:     Cyberwire

 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

« Online Safety Act Places US Adults At Risk
Threads Loses 50% Of It’s Users »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Xcitium

Xcitium

Xcitium (formerly Comodo) is and industry leading provider of state-of-the-art endpoint protection solutions. Our Zero threat platform isolates and removes all ransomware & malware infectictions.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Riscure

Riscure

Riscure is a global test lab and tools leader for device security. Core expertise in side channel analysis, fault injection and embedded device software.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

QGroup

QGroup

QGroup has been re-designing the consultancy industry since 2012. We're a rapidly expanding group of consulting companies that deliver bespoke IT services including cybersecurity.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.

Slide

Slide

Slide is a modern, security-first Business Continuity & Disaster Recovery (BCDR) company built exclusively for Managed Service Providers.