American clothing retailer Hot Topic has alerted customers to multiple cyber breaches that occurred between February 7 and June 21, resulting in the disclosure of confidential information by hackers.
Hot Topic is a retail network that specializes in counter-cultural clothing and accessories, as well as licensed music. With 675 stores in the United States, it also operates an online store that attracts nearly 10 million visitors, according to Similarweb.
The company explained that the hackers utilized stolen accounting data and targeted the Hot Topic Rewards platform on several occasions, potentially leading to the theft of customer data. However, Hot Topic clarified that the stolen accounts did not belong to its own users, and the hackers obtained them from an unknown third-party source.
The information that may have been exposed by the hackers includes customers’ full names, email addresses, order histories, phone numbers, dates of birth, delivery addresses, and the last four digits of saved payment cards.
While unauthorized access or data exploitation has not yet been confirmed, the company is notifying affected users as a precautionary security measure.
Hot Topic has taken steps to enhance security on its website and mobile application to prevent attacks, particularly against credential stuffing – a type of cyber attack that relies on using the same login credentials across multiple online platforms. By leaking or obtaining data from one service, attackers can then attempt to access the target system by testing various combinations of usernames and passwords.