Aditya Birla Fashion and Retail Limited (ABFRL), an India-based fashion retail company, has been the victim of a major data breach. Data containing more than 5.4 million email addresses has reportedly been scraped from the Aditya Birla Group platform and posted publicly. The alleged database contains personal customer information such as names, phone numbers, addresses, dates of birth, order history, credit card details and passwords stored as MD5 hashes (Message-Digest algorithm 5). The breached data is also said to contain details of employees, including salary information, religion and marital status.
The alleged Aditya Birla Fashion and Retail database was made public by a hacker group known as ShinyHunters. News of an ABFRL account breach was reported by Have I Been Pwned. According to the report, 5,470,063 accounts belonging to Aditya Birla Fashion and Retail Limited were hacked and ransomed in December last year. The hacker group’s ransom request was reportedly denied and the data was subsequently posted publicly on a popular hacking forum.
Visit the Have I Been Pwned website and enter your email address or phone number to check whether you are part of the breach.
According to a report by RestorePrivacy, ShinyHunters had access to the ABFRL database for many weeks. According to the report, the information allegedly hacked includes ABFRL employee details such as full name, email, date of birth, physical address, gender, age, marital status, salary, religion and more. It is also said to include ABFRL customer data, hundreds of thousands of invoices, and the company’s website source code and server reports.
“We tried to get in touch with ABFRL. They sent a negotiator, but he just faltered (the offer was more than fair for a $45 billion conglomerate). So we decided to leak everything for you, including their famous divisions like Pantaloons.com or Jaypore.com,” RestorePrivacy quoted ShinyHunters in a post on the hacking forum. However, the exact amount requested for payment is unknown.
According to the report, the data includes server logs and vulnerability reports for ABFRL Indian clothing brands, including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion and Shantanu & Nikhil.
The leaked database contains financial and transaction data, including 21 GB of ABFRL invoices. ShinyHunters informed RestorePrivacy that they had obtained credit card information from ABFRL customers, particularly from Pantaloons. ABFRL employees would know that ShinyHunters is in possession of such data.