Halara probes breach after hacker leaks data for 950,000 people

Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.
The Hong Kong company was founded in 2020 and quickly became very popular through the many videos promoting its clothing on TikTok.
Halara told BleepingComputer that it is aware that customer data was allegedly stolen and leaked online and is investigating a potential breach.
This comes after a person named 'Sanggiero' claimed to have breached Halara earlier this month and shared a text file containing stolen customer data on a hacking forum and a Telegram channel.
It should be noted that the forum post uses an incorrect logo for Halara and instead uses one for a cannabis company that was not breached.
BleepingComputer has reviewed the leaked data, and while Sanggiero says it contains 1 million lines of data, the text file only contains 941,910 records.
While BleepingComputer has not been able to confirm if all of the data is accurate, we contacted multiple people listed in the file and have confirmed that they are all Halara customers and that their listed phone numbers, names, and addresses are accurate.
In a conversation with BleepingComputer, Sanggiero says that they obtained the data by exploiting a bug in an API on Halara's website, which they say is still unfixed.
Sanggiero said they did not contact Halara about the stolen data and decided to release it for free as it would not have a lot of value if trying to sell it.
Halara customers should be on the lookout for targeted smishing attacks that attempt to steal other information, such as email addresses and passwords.
This information can be used for further attacks or sold to other threat actors who use it for fraud or other malicious behavior.
BleepingComputer is aware of numerous threat actors selling stolen accounts for online retailers, such as Saks 5th Avenue, Express, and Ulta Beauty, which are used to make fraudulent purchases.
Fidelity National Financial: Hackers stole data of 1.3 million people.
Mint Mobile discloses new data breach exposing customer data.
23andMe updates user agreement to prevent data breach lawsuits.
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 11 Jan 2024 20:31:13 +0000


Cyber News related to Halara probes breach after hacker leaks data for 950,000 people

Halara probes breach after hacker leaks data for 950,000 people - Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. The Hong Kong company was founded in 2020 and quickly became very popular through the many ...
11 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
10 months ago Securityzap.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com
Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
1 year ago Bleepingcomputer.com
Thousands of Young People Told Us Why the Kids Online Safety Act Will Be Harmful to Minors - How young people feel about the Kids Online Safety Act matters. These comments show that thoughtful young people are deeply concerned about the proposed law's fallout, and that many who would be affected think it will harm them, not help them. In ...
9 months ago Eff.org
Infosys McCamish Systems data breach impacted over 6M people - MUST READ. Infosys McCamish Systems data breach impacted over 6 million people. Keytronic confirms data breach after ransomware attack. City of Cleveland still working to fully restore systems impacted by a cyber attack. ABN Amro discloses data ...
5 months ago Securityaffairs.com
DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
10 months ago Packetstormsecurity.com
Auto parts giant AutoZone warns of MOVEit data breach - AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating ...
1 year ago Bleepingcomputer.com
Prudential Financial now says 2.5 million impacted by data breach - Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. According to an 8-K form filed with the U.S. Securities and Exchange ...
5 months ago Bleepingcomputer.com
Pharmacy provider Truepill data breach hits 2.3 million customers - Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. Truepill is a B2B-focused pharmacy platform that uses APIs for order fulfillment ...
1 year ago Bleepingcomputer.com
AT&T says leaked data of 70 million people is not from its systems - AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to ...
9 months ago Bleepingcomputer.com
FTC orders Blackbaud to boost security after massive data breach - Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based ...
10 months ago Bleepingcomputer.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity - COMMENTARY. Global data privacy laws were created to address growing consumer concerns about individual privacy. These laws include several best practices for businesses about storing and using consumers' personal data so that the exposure of ...
1 year ago Darkreading.com
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
9 months ago Securityweek.com
Collection agency FBCS ups data breach tally to 3.2 million people - Debt collection agency Financial Business and Consumer Solutions now says over 3.2 million people have been impacted by a data breach that occurred in February. FBCS is a nationally licensed debt collection agency in the U.S., specializing in ...
5 months ago Bleepingcomputer.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
CVE-2024-31391 - Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic ...
8 months ago Tenable.com
Prudential Financial data breach impacted over 2.5M individuals - Prudential Financial data breach impacted over 2.5 million individuals. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
5 months ago Securityaffairs.com
WebTPA data breach impacts 2.4 million insurance policyholders - The WebTPA Employer Services data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. Some of the impacted people are customers at large insurance companies such ...
7 months ago Bleepingcomputer.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
11 months ago Securityboulevard.com
Texas Retina Associates Notifies Nearly 300k People of Recent Data Breach - On June 26, 2024, Texas Retina Associates filed a notice of data breach with the Attorney General of Texas after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, ...
5 months ago Jdsupra.com
Ticketmaster sends notifications about recent massive data breach - Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. Last month, a threat actor known as ShinyHunters began selling stolen ...
5 months ago Bleepingcomputer.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)