
A cybersecurity vendor has uncovered evidence that a hacker stole data from fashion retailer Hot Topic, including the personal information of millions of customers.

Israeli cybersecurity firm Hudson Rock is warning about the alleged breach after a hacker began selling access to a database full of customer information looted from Hot Topic and two affiliated brands, BoxLunch and Torrid.

The hacker, who goes by the name “Satanic,” claims the database contains details on 350 million users, including names, email addresses, physical addresses, and dates of birth — all information that Hot Topic was asking users to fill out for its loyalty program. Satanic is offering the database for $20,000 while demanding Hot Topic pay $100,000 to have the sale removed.

Hudson Rock says the breach is credible after discovering evidence that an employee’s computer at third-party retail analytics firm Robling was infected with malware. The cybersecurity firm identified the infection because it operates Cavalier, a cyberintelligence platform that monitors compromised computers with the goal of alerting clients.

“By searching the keyword ‘hottopic’ in Hudson Rock’s Cavalier platform, researchers discovered an employee who was recently infected by an Infostealer on September 12th, 2024,” the cybersecurity vendor wrote in a blog post. “With over 240 credentials found on the [compromised] machine, many of which are corporate, researchers determined that this person is employed at a company called ‘Robling,’ whose description is ‘Helping retailers unite data across silos.’”

The finding suggests the Robling employee was trying to analyze Hot Topic’s data through cloud platforms such as Snowflake, Microsoft Azure, and Google’s Looker. However, the data was exposed after a hacker installed password-stealing malware on the employee’s computer.

Hudson Rock researchers reached out to Satanic, who provided a username that matched the one found on the compromised computer. “Lastly, Satanic claimed, we emphasize, the hacker CLAIMED, that the breach originated from a lack of MFA (multi-factor authentication) on a Snowflake account along with ‘other links,’” Hudson Rock added.

Hot Topic and Robling didn’t immediately respond to a request for comment. In the meantime, Hudson Rock is warning the stolen information could be exploited to target affected customers with fraud, phishing, and identity theft schemes. Satanic is indicating they stole 680GB of data, including 116GB related to customer information.

Whether the hacker stole data on 350 million users hasn’t been confirmed. Hudson Rock CTO Alon Gal tells PCMag that Satanic originally boasted about stealing data on 1 billion users but has since revised the estimate. “I asked him how many uniques, he said 350m and later edited the thread as well,” Gal added.