Aditya Birla Fashion Retail Ltd. (ABFRL) is one of the leading fashion conglomerates in the country with a presence in more than 3k stores and 26k multi-brand outlets
Some of ABFRL’s leading brands include Louis Philippe, Van Heusen, Allen Solly and Peter England
A user called ‘ShinyHunter’ made a post on RaidForums claiming to have data pertaining to ABFRL users and offered the data for sale
Aditya Birla Fashion Retail Ltd. (ABFRL) has suffered a major data breach on its portal. A hacker group called ShinyHunters has allegedly made 700 GB of ABFRL’s customer data public, including 5.4 Mn emails and phone numbers.
ABFRL is one of the leading fashion conglomerates in the country with a presence in over 3k stores and 26k multi-brand outlets. Some of its leading retail formats include Pantaloons and Jaypore.com. Besides, it retails brands including Louis Philippe, Van Heusen, Allen Solly and Peter England.
In this case, a user called ‘ShinyHunter’ made a post on RaidForums claiming to have ABFRL users data that it offered for sale. RaidForums is a database company that gathers data from breaches and leaks, as well as an active marketplace for selling these leaks. It has a total of 445k users dedicated to hacking, database leaks and tech.
“We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”). So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com,” said the user in a forum post.
ShinyHunters is a criminal black-hat hacking group that has been involved in many data breaches since it began its operations with the Tokopedia Hack in 2020. On 2nd May 2020, the hacker group inflicted a data breach on the Indonesian ecommerce platform and leaked 15 Mn users’ login details including gender, location, username, full name, email address, phone number and hashed passwords.
A few hours after the breach, ShinyHunters put up a database containing more than 91 Mn records on sale for $5000. Other exploits by the group include hacks on Github (Microsoft), BigBasket, Wattpad, Nitro PDF etc.
The group’s usual modus operandi involves leaking a small amount of data from a breach that allows others to verify that a breach has indeed occurred before selling off the rest of the data on the dark web. But this time, the group has decided to release all the data for free on RaidForums.
“This time, they have made all the data available for free. I have confirmed the same in my correspondence with them,” said Rajshekhar Rajaharia to Inc42. He had initially brought up the issue in a tweet he posted earlier. ABFRL and ShinyHunters have yet to share comments on the matter.
