A massive data breach has compromised 57 million customers from Hot Topic, Torrid, and Box Lunch, with hackers stealing 54 million email addresses and credit card details for 25 million users. The breach was linked to a hacker group called “Satanic”, which exploited a cloud vulnerability in Hot Topic’s data storage platform, Snowflake.
How Did the Hack Happen?
The breach began with an infostealer malware infection on an employee’s device at a partner company, Robling, which provided Satanic with 240 stolen credentials. Without multi-factor authentication (MFA), the hacker easily accessed Hot Topic’s systems. Once inside, they exploited misconfigured cloud storage settings to access sensitive customer data.
Double Extortion
Satanic used a double extortion tactic, demanding ransom after encrypting and stealing data, while uploading samples to dark web forums as proof. This increases pressure on companies to pay the ransom to avoid public exposure of the data.
Hot Topic’s Response
As of now, Hot Topic has not disclosed the breach to customers or government authorities, leaving millions unaware of the exposure of their personal information.
How to Protect Yourself
Customers of Hot Topic, Torrid, and Box Lunch should monitor accounts for unusual activity and change passwords. Enable MFA where possible to prevent unauthorized access.
