Aditya Birla Fashion and Retail Limited (ABFRL), an India-based fashion retail company, has been the victim of a massive data breach. Data containing over 5.4 million email addresses was allegedly scraped from Aditya Birla Group’s platform and posted publicly. The alleged database contains personal customer information such as names, phone numbers, addresses, dates of birth, order histories, credit card details and passwords stored as MD5 (Message Digest Algorithm 5) hashes. The data breach is said to contain information about employees, including salary details, religion and their marital status.
The alleged Aditya Birla Fashion and Retail database was leaked by a hacker group called ShinyHunters. News of an ABFRL account breach was reported by Have I Been Pwnd. According to the report, 5,470,063 Aditya Birla Fashion and Retail Limited accounts were hacked and ransomed in December last year. The hacker group’s ransom demand was allegedly denied, and the data was subsequently publicly posted on a popular hacking forum.
To check if you were part of the violation, visit the Have I Been Pwned website and enter your email address or phone number.
According to a report by RestorePrivacy, ShinyHunters had access to the ABFRL database for many weeks. According to the report, the allegedly hacked information includes details of ABFRL employee details such as full name, email address, date of birth, home address, gender, age, marital status, salary, religion and more. There is also said to be ABFRL customer data and hundreds of thousands of invoices, as well as the company’s website source code and server reports.
“We tried to get in touch with ABFRL. They sent a negotiator, but he just stalled (the offer was more than reasonable for a ‘$45 billion conglomerate’. So we decided to leak everything for you guys, including their famous divisions like Pantaloons .com or Jaypore.com,” RestorePrivacy quoted ShinyHunters in a post on the hacking forum. However, the exact amount requested for payment is unknown.
According to the report, the data includes server logs and vulnerability reports for ABFRL’s Indian apparel brands, including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil.
The leaked database contains financial and transaction details with 21GB of ABFRL invoices. ShinyHunters informed RestorePrivacy that they acquired the credit card details of ABFR customers, specifically Pantaloons. ABFRL employees should know that ShinyHunters is in possession of such data.
Check out the latest from the Consumer Electronics Show on Gadgets 360 in our CES 2022 hub.