‘Satanic’ Hacker Claims to Have the Personal and Payment Data of 350M Hot Topic Customers

• A hacker allegedly stole 350 million Hot Topic customers’ sensitive data obtained via an infostealer infection.
• The exposed data includes partial payment information, names, email addresses, physical addresses, and birth dates.
• The cybercriminal sells the dataset for $20,000 and has reportedly offered Hot Topic a $100,000 settlement.

A significant data breach incident has surfaced, targeting the popular fashion retailer Hot Topic. A cybercriminal operating under the moniker 'Satanic' claims to have compromised the personal information of approximately 350 million customers, according to a detailed security report from Israeli security firm Hudson Rock.

Preliminary investigations suggest the breach may have originated from an employee at Robling, a retail analytics company. 

According to Satanic, the breach involved accessing loyalty accounts of Hot Topic's vast customer base. The stolen data encompasses personally identifiable information (PII) such as names, email addresses, physical addresses, and birth dates. 

While financial details are somewhat protected, the thief purports to have obtained partial payment information, including the last four digits of credit cards, card types, hashed expiration dates, and account holder names.

While Satanic's reputation as a data thief is acknowledged within cybercrime circles, the relatively low asking price of $20,000 for the database reflects the limited actionable data acquired. Additionally, Satanic has reportedly offered Hot Topic a $100,000 settlement to withdraw the sale listing.

It appears that a malware infection that spread in September enabled unauthorized access to sensitive information, including 240 credentials. However, Hudson Rock notes that this evidence is not definitive, and further inquiries with the hacker are ongoing.

Despite the extensive scope of the data theft, the immediate impact is considered limited. The information stolen lacks complete financial details, reducing its value for malicious exploitation. However, the potential for phishing attacks targeting Hot Topic customers remains a concern.

In June, luxury retailer Neiman Marcus acknowledged a security incident in May that exposed sensitive customer details, including names, addresses, phone numbers, and more. The company confirmed that the data breach was connected to its Snowflake account.