Aditya Birla Fashion and Retail Limited (ABFRL), an India-based fashion retail company, has become the victim of a massive data breach. Data containing over 5.4 million email addresses has allegedly been scraped from the Aditya Birla Group-owned platform and posted publicly. The alleged database includes personal customer information such as names, phone numbers, addresses, dates of birth, order histories, credit card details, and passwords stored as MD5 (Message-Digest algorithm 5) hashes. The breach is also said to include employee details, including salary, religion, and marital status.
The alleged Aditya Birla Fashion and Retail database has been made public by a hacker group known as ShinyHunters. The breach of ABFRL accounts was reported by Have I Been Pwned. As per the report, 5,470,063 Aditya Birla Fashion and Retail Limited accounts were breached and ransomed in December last year. The hacker group’s ransom demand was allegedly rejected, and the data was subsequently posted publicly on a popular hacking forum.
ShinyHunters had access to the ABFRL database for many weeks, as per a report by RestorePrivacy. According to the report, the allegedly stolen information is claimed to include ABFRL employee data such as full name, email, birth date, physical address, gender, age, marital status, salary, religion, and more. It is also said to contain ABFRL customer data, hundreds of thousands of invoices, the company's website source code, and server reports.
“We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”). So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com,” RestorePrivacy quoted ShinyHunters as saying in a post on the hacking forum. However, the exact amount requested for payment is unknown.
As per the report, the data includes server logs and vulnerability reports for ABFRL's Indian clothing brands, including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil.
The leaked database includes financial and transaction details with 21GB of ABFRL invoices. ShinyHunters informed RestorePrivacy that they acquired ABFRL customers’ credit card data, specifically from Pantaloons. ABFRL staff is said to know that ShinyHunters is in possession of such data.