Hackers stole & leaked over 5mn User Data from India’s Aditya Birla Fashion

By Arya M Nair, Official Reporter
  • Follow author on
Data Breach
Representational Image

Aditya Birla Fashion and Retail Limited (ABFRL), an India-based fashion retail company, has been subjected to a massive data breach with more than 5.4 million email addresses extracted and released publicly from the Group’s platform.

The alleged database includes personal customer information such as names, phone numbers, addresses, dates of birth, order histories, credit card details and passwords stored as Message Digest Algorithm 5 (MD5) hashes. The data breach would include details of the employees, including salary details, religion and marital status.

The fashion retailer’s database has been made public by a group of hackers dubbed as ShinyHunters. News of a breach of ABFRL accounts was reported by Have I Been Pwnd, a website that allows Internet users to check whether their personal data has been compromised by data breaches.

ShinyHunters is the same group that has hacked many other large businesses, including Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more. According to the report, 5,470,063 Aditya Birla Fashion and Retail Limited accounts were breached and ransomed in December last year. The hacker group’s ransom demand was reportedly rejected and the data was later publicly posted on a popular hacking forum.

The data also includes server logs and vulnerability reports for ABFRL Indian clothing brands including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil.

“We tried to get in touch with the ABFRL. They sent a negotiator but he was just stalling. Our offer was more than reasonable for a ’$45 billion conglomerate’. So we decided to just disclose for you guys, including their famous divisions such as Pantaloons.com or Jaypore.com,” ShinyHunters said in a hacking forum post. However, the exact amount requested for payment is unknown.

Related: UAB to use US-based Commvault’s Complete Data Protection solution