NEW DELHI: One of India’s largest fashion retail enterprises, Aditya Birla Fashion and Retail Limited (ABFRL), has been the victim of a huge data breach. Data including over 5.4 million email addresses were allegedly scraped and released online from the Aditya Birla Group-owned portal.
Personal client information such as names, phone numbers, addresses, dates of birth, order histories, credit card details, and passwords are allegedly saved as Message-Digest algorithm 5 (MD5) hashes in the purported database. The data leak is claimed to include employee information such as salary, religion, and marital status.
ShinyHunters, a hacker gang, has made the claim that Aditya Birla Fashion and Retail database public. Have I Been Pwned, a data breach tracking website notified some impacted customers of an ABFRL account breach. In December of last year, it is reported that 5,470,063 Aditya Birla Fashion and Retail Limited accounts were breached and ransomed. The ransom demand made by the hacker gang was apparently denied, and the material was then made public on a famous hacking site.
Visit the Have I Been Pwned page and enter your email or phone number to see if you were a victim of the breach. ABFRL has been contacted by Gadgets 360 for comment on the incident. When we receive feedback, we will update this report.
According to RestorePrivacy, ShinyHunters had access to the ABFRL database for several weeks. According to the allegation, the allegedly compromised information included ABFRL employee data such as complete name, email, birth date, physical address, gender, age, marital status, salary, religion, and more. It is also reported to contain ABFRL client data, hundreds of thousands of invoices, the company’s website source code, and server logs.
The data contains server logs and vulnerability reports for ABFRL Indian clothing brands such as American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil, according to RestorePrivacy.
The hacked database is reported to contain financial and transaction information, as well as 21GB of ABFRL bills. ShinyHunters told RestorePrivacy that they had obtained credit card information from ABFR customers, notably Pantaloons. The ABFRL personnel is alleged to be aware that ShinyHunters has such information.
Follow The420.in on