'Satanic' data thief claims to have slipped into 350M Hot Topic shoppers info
We know where you got your skinny jeans - big deal
A data thief calling themselves Satanic claims to have purloined the records of around 350 million customers of fashion retailer Hot Topic.
Israeli security shop Hudson Rock reports that the criminal says they have hacked the loyalty account of the fashion megachain, harvesting 350 million customers' PII, including names, emails, physical addresses, and dates of birth.
It appears that financial details have at least been somewhat protected, with the evil one saying it has the last four digits of customers’ credit cards, card types, hashed expiration dates, and account holder names, but the criminal claims to have billions of payment details.
That said, they are asking for $20,000 for the database, which is very low but understandable given the paucity of actionable information stolen - the wages of sin are scarce at this level. Satanic also offered Hot Topic the chance to pay $100,000 to remove the sale listing.
It appears that the leak possibly came from an employee at Robling, a retail analytics business. Hudson Rock reports that the data most likely came from the staffer who picked up a malware infection in September, and the shoplifted data contained 240 credentials.
"While this evidence alone doesn’t conclusively prove how these companies were hacked, Hudson Rock’s researchers reached out to 'Satanic' for more details," the security biz said.
"'Satanic' first claimed that the breach originated from an Infostealer log. They provided a username matching the one found on the computer our researchers were investigating."
- Marriott settles for a piddly $52M after series of breaches affecting millions
- Volkswagen monitoring data dump threat from 8Base ransomware crew
- Someone's tried sneaking semiconductor secrets out of South Korea's patent office
- UK's Sellafield nuke waste processing plant fined £333K for infosec blunders
While the scale of the data theft is on large size, its impact is likely to be slight. Sure, no one likes having even basic information stolen, but outside of a fashion-related phishing attempt, the database is going to be of limited value.
However, Hudson says that Satanic's reputation as a data thief is solid and it makes a fairly decent living (in financial terms at least) from selling such data.
Hot Topic was unavailable for comment at the time of going to press. ®