Israeli cybersecurity firm Hudson Rock has uncovered a major data breach involving fashion retailer Hot Topic, along with its affiliated brands BoxLunch and Torrid.
The hacker, known as “Satanic,” claims to have stolen a database containing data on 350 million users, including personal details like names, email addresses, physical addresses, and dates of birth. This data was reportedly extracted from Hot Topic’s loyalty program.
Satanic is selling the database for $20,000 and is demanding $100,000 from Hot Topic to remove the sale. Hudson Rock’s investigation suggests the breach may have originated from an infected computer at Robling, a third-party analytics firm working with Hot Topic. Using their Cavalier cyberintelligence platform, Hudson Rock identified a malware infection on a Robling employee’s machine.
The breach is believed to have been facilitated by a lack of multi-factor authentication (MFA) on a Snowflake account. While the total number of affected users remains uncertain, Hudson Rock warns that the exposed data could be exploited for fraud, phishing, and identity theft. Hot Topic and Robling have yet to comment on the incident.
