Aditya Birla Fashion and Retail sites ‘still vulnerable’, hacker group claims; company says ‘access secure’

Aditya Birla Fashion and Retail (ABFRL) websites are still vulnerable and not safe for customers, the hacker group that allegedly leaked company data has claimed in conversation with Gadgets 360. The data that appeared online was 700GB in size and included more than 5.4 million email addresses of customers and employees, which were reportedly stolen from the fashion retail giant’s platform, according to researchers. However, the company said that access to the information of its customers and employees is protected. It also sent an email to customers informing them of the incident and reset their passwords as a “pro-active” measure.

Hacker group ShinyHunters told Gadgets 360 that the sites owned by Aditya Birla Fashion and Retail (ABFRL) are still vulnerable. “It will be safe not to shop at ABFRL, Jaipur, Pantaloons and others,” it alleged.

The hacker group also claimed that it still had hidden access to ABFRL data. Gadgets 360 was not able to independently verify the claims made by the hacker group. When asked, ABFRL said that it has secured access to the information of customers and employees.

“ABFRL is investigating an information security incident involving unauthorized access to its e-commerce database,” an ABFRL spokesperson said in a statement emailed to Gadgets 360. “The company has engaged forensic security experts to conduct the investigation. It has also informed the relevant authorities and is taking necessary steps to nab the culprits. There has been no operational or commercial impact.”

“As a proactive measure, the company has reset passwords of all customers and enabled OTP based authentication and has taken further steps to secure access to customer and employee information,” the spokesperson said.

ABFRL also sent an email on Tuesday to inform its customers about “illegal and unauthorized access to a portion of its customer database”.

“Earlier this week, we found that the profile information of some of our customers has been released in certain cyber forums. We are fully aware that this will be of great concern to you,” the Mumbai-based company said in the email.

The company also noted that it reset passwords of all its customers as a “precautionary measure” and enabled one-time password (OTP) based authentication. It also claimed that more steps have been taken for secure access to customer information.

“If you are using a normal password on other sites, we request you to change it as an extreme precaution. We would like to assure you that apart from a few details that are part of your profile, no financially sensitive information relating to your payment methods or instruments has been compromised as a result of this dishonest intrusion of our database,” said the company.

ABFRL also said that it immediately informed the cyber authorities concerned and was taking necessary steps “to nab the culprits”.

“We have also engaged leading forensic security experts to conduct the investigation. While we have a strong security architecture, we will further strengthen our security protocols,” the company said.

The alleged data leak was brought to attention on Saturday by data breach tracking website Have I Been Pwned. It reported that 5,470,063 accounts of the company were breached and ransom was paid in December last year.

RestorePrivacy reported that the leaked data included ABFRL employee data such as full name, email, date of birth, physical address, gender, age, marital status, salary and religion, as well as hundreds of thousands of invoices and the company’s website source code and server reports. In addition, the hacker group is claimed to have access to the credit card details of ABFRL customers.

Cybersecurity researcher Rajasekhar Rajhariya told Gadgets 360 that ShinyHunters can be considered a “credible” hacker group, and if it’s claiming that the data is still in its reach, we can believe it.

“ABFRL must take the claims made by the hacker group seriously and conduct a thorough investigation into how the breach occurred,” he said. “The company should also get its logs checked as the group is claiming to have access to its financial data.”

Rajhariya also noted that the hacker group was claiming that ABFRL was storing its passwords using Message-Digest Algorithm 5 (MD5), which is a dated algorithm.

“The company must continuously update its algorithms; otherwise, affected users will not be able to secure their data even after changing their password. Hacker groups will be able to easily gain access to user data again by exploiting the vulnerabilities of the dated hashing algorithm,” said the researcher.
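The point about dated password hashing, as an added example that is not from the article, the researcher or ABFRL: a login check that recognises a legacy unsalted MD5 record and replaces it with a salted scrypt record on the first successful login. The record format, function names, cost parameters and sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
N, R, P, KEY_LEN = 2**14, 8, 1, 32

def hash_scrypt(password, salt=None):
    """Return 'scrypt$<salt hex>$<key hex>' using a random per-user salt."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=KEY_LEN)
    return f"scrypt${salt.hex()}${key.hex()}"

def is_legacy_md5(record):
    """Treat a bare 32-character hex string as a legacy unsalted MD5 record."""
    return len(record) == 32 and all(c in "0123456789abcdef" for c in record.lower())

def verify_and_upgrade(password, record):
    """Return (ok, new_record); new_record is set when the stored record must be replaced."""
    if is_legacy_md5(record):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if hmac.compare_digest(candidate, record.lower()):
            return True, hash_scrypt(password)  # move the account off MD5 now
        return False, None
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False, None
    try:
        salt = bytes.fromhex(parts[1])
    except ValueError:
        return False, None
    return hmac.compare_digest(hash_scrypt(password, salt), record), None

if __name__ == "__main__":
    # Constructed sample: two accounts sharing one password
    pw = "Summer2021!"
    md5_a = hashlib.md5(pw.encode()).hexdigest()
    md5_b = hashlib.md5(pw.encode()).hexdigest()
    print("unsalted MD5 records identical:", md5_a == md5_b)
    _, new_a = verify_and_upgrade(pw, md5_a)
    _, new_b = verify_and_upgrade(pw, md5_b)
    print("scrypt records identical:", new_a == new_b)
```

Records already exposed in a breach should be invalidated with a forced reset, so that new passwords are only ever stored through the scrypt path.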

As per the details available on its website, ABFRL claims to have over 140,000 employees and operations in 36 countries across the world. The group has a catalog of lifestyle brands including Louis Philippe, Van Heusen, Allen Solly and Simon Carter. It also has fashion divisions, including Pantaloons, which are well known among customers.

You can read the email sent to affected customers and the details sent to Gadgets 360 in their entirety below.

Email: Dear [User],

We hope you are staying safe.

We would like to inform you that an information security incident has occurred that involves illegal and unauthorized access to a portion of our customer database. Earlier this week, we discovered that some of our customers’ profile information had been released to certain cyber forums.

We are fully aware that this will be of great concern to you. As a precautionary measure, we have reset all customer passwords, enabled OTP based authentication, and taken more steps to secure access to customer information. If you are using a normal password on other sites, we request you to change it with utmost care. We would like to assure you that apart from certain details that are part of your profile, no financially sensitive information relating to your payment methods or instruments has been compromised as a result of this dishonest intrusion of our database.

We have immediately informed the cyber authorities concerned and are taking necessary steps to nab the culprits. We have also engaged leading forensic security experts to conduct the investigation. While we have a strong security framework in place, we will further strengthen our security protocols.

We are sorry for the inconvenience caused. Thank you for your patronage and your continued trust in our brands. We are committed to ensuring a safe online shopping experience for you.

Aditya Birla Fashion & Retail Limited
(https://www.abfrl.com/)

Statement: ABFRL is probing an information security incident involving unauthorized access to its e-commerce database. The company has engaged forensic security experts for the investigation. It has also informed the concerned authorities and is taking necessary steps to nab the culprits. There has been no operational or commercial impact. As a proactive measure, the company has reset passwords of all customers and enabled OTP based authentication and has taken further steps for secure access to customer and employee information.

