India’s largest fashion retail company, which is said to the most prominent player in the country focused into various industry verticals , Aditya Birla Fashion and Retail Limited (ABFRL), has been the latest victim of a huge data breach.
The Data breach including over 5.4 million email addresses were allegedly scraped from the Aditya Birla Group-owned platform and posted online.
The alleged database includes personal customer information such as names, phone numbers, addresses, dates of births, order histories, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5) hashes. The data breach is said to include details of employees including salary details, religion, and their marital status.
The alleged Aditya Birla Fashion and Retail database has been made public by a hacker group known as ShinyHunters. The news of a breach of ABFRL accounts was informed to some affected customers by data breach tracking website Have I Been Pwned.
As many as 5,470,063 Aditya Birla Fashion and Retail Limited accounts are said to be breached and ransomed in December last year. The ransom demand made by the hacker gang was apparently denied, and the material was then made public on a famous hacking site.
According to RestorePrivacy, ShinyHunters had access to the ABFRL database for several weeks. According to the allegation, the allegedly compromised information included ABFRL employee data such as complete name, email, birth date, physical address, gender, age, marital status, salary, religion, and more. It is also reported to contain ABFRL client data, hundreds of thousands of invoices, the company’s website source code, and server logs.
As per the report by RestorePrivacy, the data includes server logs and vulnerability reports for ABFRL Indian clothing brands including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil.
The leaked database is said to include financial and transaction details with 21GB of ABFRL invoices. ShinyHunters informed RestorePrivacy that they acquired ABFR customers’ credit card data, specifically from Pantaloons. ABFRL staff is said to know that ShinyHunters is in possession of such data.
Discussion about this post