Popular athleisure clothes model Halara is investigating an information breach after the alleged knowledge of virtually 950,000 prospects was leaked on a hacking discussion board.
The Hong Kong firm was based in 2020 and shortly grew to become extremely popular via the various movies selling its clothes on TikTok.
Halara informed BleepingComputer that it’s conscious that buyer knowledge was allegedly stolen and leaked on-line and is investigating a possible breach.
This comes after an individual named ‘Sanggiero’ claimed to have breached Halara earlier this month and shared a textual content file containing stolen buyer knowledge on a hacking discussion board and a Telegram channel.
“In January 2024, over 1M rows of information from the shop firm Halara was posted to a preferred hacking discussion board. The knowledge contained 1M distinctive addressId, first identify, final identify, cellphone numbers, nation, house deal with, zip, province, metropolis, iso,” reads a publish from Sanggiero.
Source: BleepingComputer
It must be famous that the discussion board publish makes use of an incorrect emblem for Halara and as an alternative makes use of one for a hashish firm that was not breached.
BleepingComputer has reviewed the leaked knowledge, and whereas Sanggiero says it accommodates 1 million strains of information, the textual content file solely accommodates 941,910 information.
While BleepingComputer has not been in a position to affirm if all the knowledge is correct, we contacted a number of individuals listed within the file and have confirmed that they’re all Halara prospects and that their listed cellphone numbers, names, and addresses are correct.
In a dialog with BleepingComputer, Sanggiero says that they obtained the info by exploiting a bug in an API on Halara’s web site, which they are saying continues to be unfixed.
Sanggiero stated they didn’t contact Halara concerning the stolen knowledge and determined to launch it without spending a dime as it might not have a whole lot of worth if attempting to promote it.
Halara prospects must be looking out for focused smishing assaults (SMS phishing) that try and steal different data, resembling e-mail addresses and passwords.
This data can be utilized for additional assaults or offered to different risk actors who use it for fraud or different malicious habits.
BleepingComputer is conscious of quite a few risk actors promoting stolen accounts for on-line retailers, resembling Saks fifth Avenue, Express, and Ulta Beauty, that are used to make fraudulent purchases.