Hot Topic, an American company specializing in counterculture clothing, accessories, and licensed music, has disclosed a data breach that compromised user information, including partial payment card data.
“We recently identified suspicious login activity to certain Hot Topic Rewards accounts,” a data breach notification notice filed with the California Attorney General’s Office reads.
According to the retail company, unauthorized parties launched automated attacks against its website and mobile application on February 7th, March 11th, May 19-21st, May 27-28th, and June 18-21st, 2023.
Apparently, threat actors used valid email addresses and passwords obtained from a third party source. Hot Topic couldn’t determine which accounts were accessed by the unauthorized users.
Hot Topic reached out to customers whose account credentials were used during the period of suspicious login activity. If the login wasn’t authorized by the user, threat actors might have accessed the following information:
- Email address
- Order history
- Phone number
- Month and day of birth
- Mailing address
- Partial payment card data
“We have been working with outside cybersecurity experts and have implemented specific steps to safeguard our website and mobile application from automated “credential stuffing” attacks, including deploying bot protection software designed to stop such attacks,” the company noted.
Customers were encouraged to reset their Hot Topic account passwords, and choose strong and unique passwords. For that, Cybernews recommends using a strong password generator. You might also want to use our data leak checker to see whether your credentials have been compromised in the past.
More from Cybernews:
Subscribe to our newsletter