Subj : Hot Topic confirms multiple new cyberattacks customer details an To : All From : TechnologyDaily Date : Fri Mar 29 2024 15:15:05 Hot Topic confirms multiple new cyberattacks customer details and payment info exposed online Date: Fri, 29 Mar 2024 15:05:48 +0000 Description: Unnamed attackers mounted a credential stuffing attack against Hot Topic. FULL STORY ====================================================================== Hot Topic customer may have been victims of a cyberattack when unknown actors tried to log into their accounts, the company has confirmed. In a breach notification letter sent to its customers, which was later picked up by BleepingComputer , the clothing store said that unidentified threat actors engaged in credential stuffing on November 18-19, and November 25, last year. With credential stuffing, an attacker tries a large number of username/password combinations against a service, until one combination works. Automation is usually deployed to speed the process up. User data taken According to Hot Topic, certain Hot Topic Rewards accounts were accessed during that time (the company didnt specify how many), prompting the subsequent investigation. The company doesnt know who the attackers are, or if they even managed to log into a noteworthy number of accounts. They also said they dont know where the attackers got the login credentials from, but are certain they didnt get it from Hot Topic. The breach notification letter was sent out of an abundance of caution. If the threat actors did manage to log into an account, they would have been able to obtain the users full name, email address, order history, month and day of birth, and mailing address. Not a lot, but still enough to run some forms of phishing or identity theft attacks. Compromised users who saved their credit card details on the platform shouldnt worry too much, as just the last four digits of the card were visible, the company concluded. Hot Topic has since reset user passwords , and deployed counter-measures to protect both the website, and the app, from credential stuffing attacks. External cybersecurity experts were also brought in, the company concluded. Hot Topic has more than 600 stores in the US and Canada, employing more than 10,000 people. More from TechRadar Pro What is credential stuffing, and how does it work? Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/hot-topic-confirms-multiple-new-cyberat tacks-customer-details-and-payment-info-exposed-online --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .