Identity, Data Security, Privacy

Credential stuffing attacks compromise Hot Topic

Hacker attack computer hardware microchip while process data through internet network, 3d rendering insecure Cyber Security exploit database breach concept, virus malware unlock warning screen

U.S. fast fashion retailer Hot Topic had its customers' data compromised following a series of credential stuffing attacks in November, reports BleepingComputer.

Threat actors leveraging email accounts and passwords stolen from a third party deployed intrusions against the clothing chain's website and mobile app to breach Hot Topic Rewards accounts between Nov. 18 and 19 and on Nov. 25, allowing access to customers' names, birthdates, mailing and email addresses, phone numbers, and partial payment data, said Hot Topic in breach notification letters issued this week.

"Based on our investigation to date, we are not able to determine which, if any, accounts were accessed by unauthorized third parties as opposed to legitimate customer logins during the relevant time periods," added Hot Topic.

Impacted individuals have been urged to promptly reset their passwords. Such a development comes after Hot Topic reported being impacted by five waves of credential stuffing attacks between February and June last year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.