A huge data breach has hit Aditya Birla Fashion and Retail Limited (ABFRL), one of India’s largest fashion retail corporations. Data from the Aditya Birla Group-owned portal was allegedly scraped and shared online, containing over 5.4 million email addresses. Personal customer information such as names, phone numbers, addresses, dates of birth, order histories, and credit card information is allegedly included in the purported database, along with passwords stored as Message-Digest algorithm 5 (MD5) hashes. Employee information, including payment information, religion, and marital status, is reported to have been exposed in the data breach.
ShinyHunters, a hacker collective, has made the claimed Aditya Birla Fashion and Retail database public. Have I Been Pwned, a data breach tracking website, informed some impacted customers of an ABFRL account breach. In December of last year, 5,470,063 Aditya Birla Fashion and Retail Limited accounts were allegedly breached and ransomed. The ransom demand made by the hacker gang was purportedly turned down, and the material was then made public on a famous hacking forum.
Visit the Have I Been Pwned page and input your email or phone number to see if you were a victim of the data breach. ABFRL has been contacted by News Media for comment on the incident. When we receive feedback, we will update this report.
Troy Hunt, the developer of the Have I Been Pwned website, told News Media, “It’s a massive amount of data and it contains source code as well.” “Customers, as well as employees, have a lot of personal information. I’m not sure why they would store sensitive PII like religion, as well as very personal information like marital status. It’s unclear why this is essential in order for someone to do their work properly.”
ABFRL also failed to disclose anything about the matter, according to Hunt.
“The information is widely disseminated on hacker sites, but they have yet to notify customers, as far as I’m aware. That’s unforgivable,” he stated.
According to a report by RestorePrivacy, ShinyHunters had access to the ABFRL database for several weeks. The information allegedly compromised included complete names, email addresses, birth dates, physical addresses, gender, age, marital status, pay, religion, and more for ABFRL employees. It is also reported to contain ABFRL client data, hundreds of thousands of invoices, as well as the company’s website source code and server statistics.
The News Media was able to independently confirm the existence of ShinyHunters’ forum post announcing the data leak.
“We attempted to contact ABFRL but were unsuccessful. They dispatched a negotiator, but he was only stalling (the offer was more than reasonable for a ‘US$ 45-billion company’). As a result, we’ve chosen to expose everything for you, including their well-known divisions like Pantaloons.com and Jaypore.com,” the hackers’ organization stated in a post dated January 11. The specific sum required for payment, however, is uncertain.
The data includes server logs and vulnerability reports for ABFRL Indian clothing brands such as American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil, according to RestorePrivacy’s report.
Financial and transaction records, as well as 21GB of ABFRL invoices, are claimed to be included in the hacked database. ShinyHunters told RestorePrivacy that they had obtained credit card information from ABFRL customers, notably Pantaloons. ShinyHunters is reported to have such data, according to ABFRL personnel.