Technology
Data breach exposes over 56 million clothing store customers
A cybersecurity vendor claimed last month that a hacker stole data from the fashion retailer Hot Topic, including the personal information of millions of customers. At that time, there was no confirmation from the retailer itself. However, a breach notification site has now confirmed that the personal data of 56,904,909 customers of Hot Topic, Torrid and Box Lunch was leaked and found online.
This data includes email addresses, physical addresses, phone numbers, purchase history, gender and dates of birth. Partial credit card data was also included in the breach.
What you need to know
The breach notification service Have I Been Pwned (HIBP) announced this week that it alerted 56 million Hot Topic customers about a data breach compromising their personal information. While Hot Topic, which operates more than 640 stores across the U.S., has yet to confirm the breach, HIBP reported that it occurred on Oct. 19. Just two days later, a threat actor using the alias “Satanic” claimed responsibility.
Satanic alleges that the database contains details of 350 million users, though that number seems inflated. The leaked data does, however, include names, email addresses, physical addresses and dates of birth, all of which is information collected through Hot Topic’s loyalty program. The hacker is offering the database for $20,000 and demanding that Hot Topic pay $100,000 to prevent its sale.
Hudson Rock, an Israeli cybersecurity firm, initially reported the breach and considers it credible. The firm traced the issue back to a malware infection on an employee’s computer at Robling, a third-party retail analytics firm. Hudson Rock, which operates the cyber intelligence platform Cavalier to monitor compromised devices, discovered the infection and flagged it for clients.
It’s likely that the threat actor used credentials stolen by infostealer malware to gain access to an analytics platform used by Hot Topic, potentially allowing them to infiltrate the retailer’s cloud environments.
Hot Topic’s silence after the breach is suspicious
Evidence of a data breach at Hot Topic keeps piling up, but the company hasn’t said a word yet. Customers and state attorneys general haven’t been notified, either. Hot Topic’s silence could mean a few things, especially with such a big breach. They might still be investigating, working with cybersecurity experts to confirm what happened and figure out the extent of the damage. Sometimes, companies stay quiet, hoping to delay or dodge bad press. But this strategy can backfire, leading to more scrutiny and skepticism.
We reached out to Hot Topic to request a comment on our story but did not hear back before our deadline.
5 ways you can stay safe in the event of a data breach
1) Keep a strong password: With the Hot Topic data breach exposing sensitive information, it’s essential to update your passwords. Use a strong, unique password for each account, especially for services where your personal details are stored. A mix of letters, numbers and symbols will make it harder for hackers to guess. Consider using a password manager to keep everything secure and easily accessible.
2) Beware of suspicious links: After a breach, phishing attempts increase, and hackers may use your leaked email to send fake links or emails. Never click on suspicious links, especially those that ask for personal information. Always double-check the sender’s email and look out for strange language or urgent requests. If in doubt, go directly to the website instead of following the links in the message.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3) Invest in a data removal service: Since your personal information could be floating around on the dark web or public databases, it’s a good idea to invest in a data removal service.
4) Watch out for the risk of identity theft: The leaked data includes sensitive details like addresses, birthdays and purchase histories, which could be used for identity theft. Be extra cautious when sharing personal information moving forward, and if you notice anything unusual, report it immediately. If you are a Hot Topic customer, you might also want to consider an identity theft monitoring service. See my tips and best picks on how to protect yourself from identity theft.
5) Monitor your accounts regularly: Keep an eye on your bank accounts, credit card statements and even loyalty programs where your information is stored. Set up alerts for transactions and logins so you can act fast if anything seems off. Regular monitoring can help you catch fraudulent activity early, minimizing the damage if your data is misused.
Kurt’s key takeaway
The Hot Topic data breach is alarming, especially since it affects over 56 million people. What makes the situation even more concerning is that Hot Topic has stayed silent about it. The company hasn’t notified those affected, leaving many unprepared for potential cybersecurity threats. Hackers could use this gap to target victims with scams, leading to financial losses. This situation is a strong reminder of the importance of maintaining good cybersecurity hygiene, whether you’re impacted by a breach or not.
Copyright 2024 CyberGuy.com. All rights reserved.
Technology
Strava closes the gates to sharing fitness data with other apps
We wanted to provide some additional context around the changes to our API Agreement and the impact for our users and developers. We currently anticipate these changes will impact less than .1% of applications and proactively notified the majority of those affected last week.
Enhanced Privacy and User Control
Privacy and user control are at the forefront of our platform. As a result, we are committed to evolving our API practices as regulatory requirements and user expectations shift. This includes the decision to limit the ability of a user’s data to be displayed by third-party apps in ways the user may not expect. Specifically, we want to thoughtfully address situations where users connect to a third-party app and are unaware that their data is being surfaced not just for their own use and visibility, but also to other users (for example, in a public feed or heatmap). The latest API changes address this scenario and provide a more consistent framework for Strava user data.
Training AI Models
We believe in the potential of AI to transform the athlete experience–whether it’s delivering more personalized insights to help you reach your goals, generating route or training recommendations, or countless other possibilities. But innovation in this space must be handled responsibly and with a firm focus on user control. As part of our generative AI features, we are committed to implementing thoughtful solutions that prioritize user control and the ability to opt out.
Third-party developers may not take such a deliberate approach to training AI models and as a result, we believe the best decision for the platform and for users is to prohibit the use of data extracted from Strava users in this manner. Our previous terms already disallowed the use of Strava user data in model training and development but we’ve made this more explicit in light of the increasing activity in this space.
No Impact to Most Developers
We recognize that our platform thrives because of the creativity and dedication of third-party developers who build tools to complement and extend Strava’s capabilities. We are steadfast in our commitment to fostering this ecosystem. We anticipate that these changes will affect only a small fraction (less than .1%) of the applications on the Strava platform–the overwhelming majority of existing use cases are still allowed, including coaching platforms focused on providing feedback to users and tools that help users understand their data and performance.
Technology
Aqara’s new DIY-ready smart water shutoff works in more smart homes with Matter
Aqara’s Smart Valve Controller T1 is now available, bringing an interoperable Matter-compatible valve controller option to the smart home for the first time. The $69.99 T1 connects to your water shutoff valve so you can operate it remotely or shut it off automatically when a leak is detected.
The Aqara hub lets this T1 integrate with any of the major smart home platforms, unlike some pricier options from companies like Moen, Kohler, and Belkin. Right now, only Samsung and Home Assistant support smart valve controllers like this, but that will change as others expand their Matter device support.
The T1 attaches to the lever or butterfly handle of most household valves. Aqara says it’s “DIY-friendly as it requires no major modifications to existing plumbing” and has compatibility with half-inch, three-quarter-inch, and one-inch pipes.
Aqara says the T1 will run on four AA batteries for up to two years. For automation, the company also makes a cheap leak sensor, or you can use a different one that works with your preferred smart home platform after support is added.
Technology
New Tech Platforms Help Legal Immigrants
It’s no secret that America’s immigration policy is in desperate need of a high-tech overhaul. Most online immigration tools so far have been rudimentary, and that’s often left legal immigrants complaining of long wait times, contradictory instructions, and a web presence that doesn’t help with things like green card renewal or family petitions. Now President-Elect Trump is promising a big deportation push when he comes into office for his second term, and it’s more important than ever for immigrants to have their paperwork in order.
“Immigration, legal immigration should be efficient and accessible and affordable for everyone,” says Yasaman Soroori, the co-founder and CEO of Consulta, a new A.I.-powered platform offering high-tech solutions for those immigration issues. It’s thought to be the first online platform dedicated specifically to helping legal immigrants navigate America’s complicated immigration landscape. Their goal is simple: integrating tech with personalized support, hoping to bring order and affordability to a complex and costly process.
And Soroori says their intake protocol is much simpler and more cost-effective than going to see an immigration attorney. “Once the user finds us on our website and goes to the platform,” she explains, “they are able to select the service that pertains to them, answer a simplified questionnaire, upload the necessary documents, we’ll even take care of the passport pictures for them. And that’s it.”
As the immigration debate heats up, Consulta is getting more visibility; it has a number of high-profile backers, including the founder of Venmo. Right now, services include renewing green cards, petitions for family visas, and help with citizenship. It’s all part of using A.I. to deliver a more streamlined immigration experience.
“We always talk about the negativity about immigration, but we don’t focus on the legal immigrants that are in this country,” says Soroori. “And we wanted to offer them the most stress free, affordable option in order for more people to pursue it.”