A huge data breach has been discovered at Aditya Birla Fashion and Retail Ltd (ABFRL)
17 January 2022, Mumbai:
Aditya Birla Fashion and Retail Ltd (ABFRL), India's top fashion company, has suffered a significant data breach, with over 5.4 million email addresses allegedly stolen from the Aditya Birla Group-owned platform and shared online.
In December of last year, 5,470,063 ABFRL accounts were allegedly breached and ransomed. Financial and transaction records, as well as 21GB of ABFRL invoices, are claimed to be included in the hacked database. ShinyHunters, a hacking collective, has made the supposed database public.
The incident was confirmed by ABFRL, which said it is investigating an information security breach involving unauthorised access to its e-commerce database. There has been no operational or business impact, according to the company's representative.
"As a precautionary move, the company has reset all client passwords and enabled OTP-based authentication, as well as taken further steps to secure access to customer and employee information," he stated. Cyber security specialist Rajshekhar Rajaharia has also tweeted about it and shared details.
According to sources, the claimed database contains sensitive customer data such as names, phone numbers, addresses, dates of birth, order histories, credit card information, and passwords stored as MD5 hashes.
Employee information, including payment information, religion, and marital status, is reported to have been exposed in the data breach. Have I Been Pwned, a data breach tracking website, informed some impacted customers of an ABFRL account breach.
The ransom demand made by the hacker gang was purportedly turned down, and the material was then made public on a famous hacking forum.
ShinyHunters had access to the ABFRL database for several weeks, according to a report by RestorePrivacy.
According to the allegation, the information reportedly compromised included complete names, e-mail addresses, birth dates, physical addresses, gender, age, marital status, pay, religion, and more for ABFRL employees.
Server logs and vulnerability reports for ABFRL's Indian apparel labels American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil are among the leaked information.
It is also reported to contain ABFRL client data, hundreds of thousands of invoices, as well as the company's website source code and server statistics. "We tried to get in touch with ABFRL," Gadgets 360 said.
"They dispatched a negotiator, but he was only stalling (the offer was more than reasonable for a 'US$45-billion company').
"So we decided to release everything for you guys, including their well-known divisions like Pantaloons.com and Jaypore.com," the hackers wrote in an 11 January post. The specific sum required for payment, however, is uncertain.