Home Cyber Security Halara probes breach after hacker leaks knowledge for 950,000 folks

Halara probes breach after hacker leaks knowledge for 950,000 folks

0
Halara probes breach after hacker leaks knowledge for 950,000 folks

[ad_1]

Halara

In style athleisure clothes model Halara is investigating an information breach after the alleged knowledge of just about 950,000 clients was leaked on a hacking discussion board.

The Hong Kong firm was based in 2020 and shortly turned very fashionable by way of the various movies selling its clothes on TikTok.

Halara informed BleepingComputer that it’s conscious that buyer knowledge was allegedly stolen and leaked on-line and is investigating a possible breach.

This comes after an individual named ‘Sanggiero’ claimed to have breached Halara earlier this month and shared a textual content file containing stolen buyer knowledge on a hacking discussion board and a Telegram channel.

“In January 2024, over 1M rows of knowledge from the shop firm Halara was posted to a well-liked hacking discussion board. The information contained 1M distinctive addressId, first title, final title, cellphone numbers, nation, residence tackle, zip, province, metropolis, iso,” reads a submit from Sanggiero.

Forum post about alleged Halara data breach
Discussion board submit about alleged Halara knowledge breach
Supply: BleepingComputer

It must be famous that the discussion board submit makes use of an incorrect brand for Halara and as a substitute makes use of one for a hashish firm that was not breached.

BleepingComputer has reviewed the leaked knowledge, and whereas Sanggiero says it accommodates 1 million traces of knowledge, the textual content file solely accommodates 941,910 information.

Whereas BleepingComputer has not been in a position to verify if all the knowledge is correct, we contacted a number of folks listed within the file and have confirmed that they’re all Halara clients and that their listed cellphone numbers, names, and addresses are correct.

In a dialog with BleepingComputer, Sanggiero says that they obtained the info by exploiting a bug in an API on Halara’s web site, which they are saying continues to be unfixed.

Sanggiero mentioned they didn’t contact Halara concerning the stolen knowledge and determined to launch it free of charge as it might not have a variety of worth if making an attempt to promote it.

Halara clients must be looking out for focused smishing assaults (SMS phishing) that try and steal different info, resembling e mail addresses and passwords.

This info can be utilized for additional assaults or bought to different menace actors who use it for fraud or different malicious habits.

BleepingComputer is conscious of quite a few menace actors promoting stolen accounts for on-line retailers, resembling Saks fifth Avenue, Specific, and Ulta Magnificence, that are used to make fraudulent purchases.

[ad_2]