Heimdal
article featured image

Contents:

The American clothing company Hot Topic announced they identified suspicious login activity on a series of Reword accounts. Hot Topic warns that a data breach might have compromised users` sensitive information. The retail chain has 675 stores across the U.S. and an online shop with roughly 10 million visitors monthly.

The investigation revealed that unauthorized parties launched automated credential stuffing attacks against Hot Topic`s site and mobile app from February 7th to June 21st, 2023. The threat actors used stolen account credentials which Hot Topic claim they did not obtain from them.

However, the company could not identify what was the source of the compromised login data. Also, they could not differentiate until this moment which accounts were accessed by malicious actors and which ones had legitimate logins. So, they notified all customers that had logged in during the attacks.

In the data breach notification letter they`ve submitted to authorities, Hot Topic stated that:

However, we determined that your account credentials were used to access your Hot Topic Rewards account during the time periods of suspicious login activity. We have not determined that any login to your Hot Topic Rewards account was unauthorized.

The Hot Topic notification letter

The Exposed Data and Potential Risks

According to Hot Topic, in the case of an unauthorized login, the compromised data were:

  • the customer`s full name,
  • email address and phone number,
  • order history,
  • birth date,
  • the mailing address,
  • the last four digits of the card number in case the customer had saved a payment card in their account.

Threat actors can use this kind of information to launch phishing campaigns or for identity theft. Therefore, Hot Topic advised their customers to stay vigilant, review credit reports and account statements, and reset credentials. Security specialists also recommend choosing a strong, unique password for each account, to avoid falling victim to credential stuffing attacks.

How to Protect Against Data Breaches

Credential management helps safeguard users` private data and keeps a company`s digital assets safe. In order to avoid data breaches, companies should apply certain cybersecurity measures:

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE