Article Details
Scrape Timestamp (UTC): 2024-01-11 20:30:00.309
Original Article Text
Click to Toggle View
Halara probes breach after hacker leaks data for 950,000 people. Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. The Hong Kong company was founded in 2020 and quickly became very popular through the many videos promoting its clothing on TikTok. Halara told BleepingComputer that it is aware that customer data was allegedly stolen and leaked online and is investigating a potential breach. This comes after a person named 'Sanggiero' claimed to have breached Halara earlier this month and shared a text file containing stolen customer data on a hacking forum and a Telegram channel. "In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso," reads a post from Sanggiero. It should be noted that the forum post uses an incorrect logo for Halara and instead uses one for a cannabis company that was not breached. BleepingComputer has reviewed the leaked data, and while Sanggiero says it contains 1 million lines of data, the text file only contains 941,910 records. While BleepingComputer has not been able to confirm if all of the data is accurate, we contacted multiple people listed in the file and have confirmed that they are all Halara customers and that their listed phone numbers, names, and addresses are accurate. In a conversation with BleepingComputer, Sanggiero says that they obtained the data by exploiting a bug in an API on Halara's website, which they say is still unfixed. Sanggiero said they did not contact Halara about the stolen data and decided to release it for free as it would not have a lot of value if trying to sell it. Halara customers should be on the lookout for targeted smishing attacks (SMS phishing) that attempt to steal other information, such as email addresses and passwords. This information can be used for further attacks or sold to other threat actors who use it for fraud or other malicious behavior. BleepingComputer is aware of numerous threat actors selling stolen accounts for online retailers, such as Saks 5th Avenue, Express, and Ulta Beauty, which are used to make fraudulent purchases.
Daily Brief Summary
Halara, an athleisure brand popularized via TikTok, confirms a possible data breach after a hacker released customer data online.
The hacker, known as 'Sanggiero,' posted a file with personal details of nearly 950,000 individuals on a hacking forum and Telegram.
Although the data claims to represent 1 million rows, the actual count is 941,910 records, including names, phone numbers, and addresses.
BleepingComputer verified that multiple records in the leaked file are accurate by contacting individuals who confirmed they are Halara customers.
The hacker alleges the data was obtained through an API vulnerability on Halara's website, which reportedly remains unfixed.
Sanggiero chose to distribute the data for free, believing it had limited value in the criminal marketplace.
The breach raises concerns about possible smishing attacks targeting affected customers, as well as the broader risk of account theft and fraudulent transactions on retail platforms.