Fashionable athleisure clothes model Halara is investigating a data breach after the alleged knowledge of virtually 950,000 prospects was leaked on a hacking discussion board.
The Hong Kong firm was based in 2020 and shortly grew to become very talked-about by the various movies selling its clothes on TikTok.
Halara instructed BleepingComputer that it’s conscious that buyer knowledge was allegedly stolen and leaked on-line and is investigating a possible breach.
This comes after an individual named ‘Sanggiero’ claimed to have breached Halara earlier this month and shared a textual content file containing stolen buyer knowledge on a hacking discussion board and a Telegram channel.
“In January 2024, over 1M rows of knowledge from the shop firm Halara was posted to a well-liked hacking discussion board. The info contained 1M distinctive addressId, first identify, final identify, telephone numbers, nation, house handle, zip, province, metropolis, iso,” reads a publish from Sanggiero.
It must be famous that the discussion board publish makes use of an incorrect emblem for Halara and as a substitute makes use of one for a hashish firm that was not breached.
BleepingComputer has reviewed the leaked knowledge, and whereas Sanggiero says it incorporates 1 million strains of knowledge, the textual content file solely incorporates 941,910 information.
Whereas BleepingComputer has not been capable of verify if the entire knowledge is correct, we contacted a number of individuals listed within the file and have confirmed that they’re all Halara prospects and that their listed telephone numbers, names, and addresses are correct.
In a dialog with BleepingComputer, Sanggiero says that they obtained the information by exploiting a bug in an API on Halara’s web site, which they are saying continues to be unfixed.
Sanggiero mentioned they didn’t contact Halara in regards to the stolen knowledge and determined to launch it without spending a dime as it might not have a number of worth if making an attempt to promote it.
Halara prospects must be looking out for focused smishing assaults (SMS phishing) that try and steal different data, reminiscent of e mail addresses and passwords.
This data can be utilized for additional assaults or offered to different menace actors who use it for fraud or different malicious habits.
BleepingComputer is conscious of quite a few menace actors promoting stolen accounts for on-line retailers, reminiscent of Saks fifth Avenue, Categorical, and Ulta Magnificence, that are used to make fraudulent purchases.