Date: 2022-01-19

Aditya Birla Fashion and Retail (ABFRL) websites are still vulnerable and dangerous for customers, the hacker group that allegedly leaked company data said in a conversation with Gadgets 360. The data that emerged online was 700 GB in size and included more than 5.4 million customer and employee email addresses that were allegedly taken from the fashion retail giant’s platform, researchers said. The company, however, said its access to customer and employee information is secure. It also emailed customers notifying them of the incident and reset their passwords as a proactive measure.

Hacking group ShinyHunters told Gadgets 360 that sites owned by Aditya Birla Fashion and Retail (ABFRL) are still vulnerable. It would be safer not to buy from ABFRL, Jaypore, Pantaloons and others, the group alleged.

The hacker group also claimed that they still had hidden access to ABFRL data. Gadgets 360 has been unable to independently verify the hacker group’s claims. When questioned, ABFRL said its access to customer and employee information was secure.

ABFRL is investigating an information security incident that resulted in unauthorized access to its e-commerce database, an ABFRL spokesperson said in a statement emailed to Gadgets 360. The company has hired forensic security experts to conduct an investigation. It has also informed the competent authorities and is taking the necessary measures to bring the culprits to justice. There was no operational or commercial impact.

As a proactive measure, the company reset all customers’ passwords, enabled OTP-based authentication and took additional steps to secure access to customer and employee information, the spokesperson said.

ABFRL also sent an email to its customers on Tuesday informing them of the illegal and unauthorized access to part of its customer database.

“Earlier this week, we discovered that some of our customers’ profile information was posted in certain cyber forums. We are fully aware that this would be of great concern to you,” the Mumbai-based company said in the email.

The company also noted that it had reset the passwords of all its customers as a precautionary measure and enabled one-time password (OTP) authentication. It also claimed that new measures had been taken to secure access to customer information.

“In case you have used common passwords on other sites, we ask you to change them, as a precaution. We would like to assure you that, apart from certain details which form part of your profile, no financially sensitive information relating to your payment methods or instruments has been compromised as a result of this unscrupulous intrusion into our database,” the company said.

ABFRL also said that it immediately notified the relevant cyber authorities and was taking the necessary steps to bring the culprits to justice.

“We have also engaged leading forensic security experts to conduct an investigation. Although we have a robust security architecture, we will further strengthen our security protocols,” the company said.

The alleged data breach was reported on Saturday by data breach tracking website Have I Been Pwned. It reported that as many as 5,470,063 company accounts were hacked and ransomed in December last year.

RestorePrivacy reported that the leaked data included ABFRL employee data such as full name, email, date of birth, physical address, gender, age, marital status, salary and religion, as well as hundreds of thousands of invoices and the company’s website source code and server reports. Furthermore, the hacker group would have access to the credit card details of ABFRL customers.

Cybersecurity researcher Rajshekhar Rajaharia told Gadgets 360 that ShinyHunters could be considered a “trusted” group of hackers, and if the group claims the data is still accessible, we might believe it.

ABFRL should take the hacker group’s claims seriously and fully investigate how the breach occurred, he said. The company should also have its logs checked, as the group claims to have accessed its financial data as well.

Rajaharia also noted that the hacker group claims that ABFRL stores its passwords using Message-Digest Algorithm 5 (MD5), which is a dated algorithm.

The company must constantly update its algorithms; otherwise, affected users would not be able to secure their data even after changing their passwords. The hacker group could easily re-access user data by exploiting vulnerabilities in the dated hashing algorithm, the researcher said.
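The following is an added example, not taken from the article or from ABFRL's systems. It shows one way a site holding MD5 password hashes can retire them: wrap every stored digest in a salted, slow KDF in a batch job, then replace each record with a hash of the password itself at the user's next successful login. The record format, function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this sketch, as is the legacy format (hex MD5 of the password).

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _kdf(secret: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations).hex()


def wrap_md5(md5_hex: str, iterations: int = ITERATIONS) -> str:
    """Batch step: protect a stored MD5 digest without knowing the password."""
    salt = os.urandom(16)
    return f"md5-wrapped${iterations}${salt.hex()}${_kdf(md5_hex, salt, iterations)}"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Target format: salted PBKDF2 over the password itself."""
    salt = os.urandom(16)
    return f"pbkdf2${iterations}${salt.hex()}${_kdf(password, salt, iterations)}"


def verify(password: str, record: str):
    """Return (ok, upgraded_record).

    upgraded_record is set only when a wrapped legacy record verified; the
    caller should store it in place of the old record.
    """
    try:
        scheme, iters, salt_hex, digest = record.split("$")
        salt, iterations = bytes.fromhex(salt_hex), int(iters)
    except ValueError:
        return False, None  # malformed or still-raw MD5 record: refuse it
    if scheme == "md5-wrapped":
        secret = hashlib.md5(password.encode()).hexdigest()
    elif scheme == "pbkdf2":
        secret = password
    else:
        return False, None
    ok = hmac.compare_digest(_kdf(secret, salt, iterations), digest)
    upgraded = None
    if ok and scheme == "md5-wrapped":
        upgraded = hash_password(password, iterations)
    return ok, upgraded
```

Once the batch step has run, raw MD5 digests no longer need to exist in the database, and `verify` rejects any that remain rather than accepting them.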

ABFRL is said to have more than 140,000 employees and operates in 36 countries around the world, according to details available on its website. The group has a list of lifestyle brands, including Louis Philippe, Van Heusen, Allen Solly and Simon Carter. It also has fashion divisions, including pants known to customers.

You can read the email sent to affected customers and the statement sent to Gadgets 360 in full below.

Email:

Dear [User],

We hope you are staying safe. We would like to inform you that there has been an information security incident which has resulted in illegal and unauthorized access to part of our customer database. Earlier this week, we discovered that some of our customers’ profile information was posted in certain cyber forums. We are fully aware that this would be of great concern to you.

As a precaution, we have reset passwords for all customers, enabled OTP-based authentication, and taken additional steps to secure access to customer information. In case you have used common passwords on other sites, we ask you to change them, as a precaution.

We would like to assure you that, apart from certain details which form part of your profile, no financially sensitive information relating to your payment methods or instruments has been compromised as a result of this unscrupulous intrusion into our database. We immediately notified the relevant cyber authorities and are taking the necessary steps to bring the culprits to justice. We have also engaged leading forensic security experts to conduct an investigation. Although we have a robust security architecture, we will further strengthen our security protocols.

We regret the inconvenience caused. Thank you for your patronage and continued trust in our brands. We are committed to providing you with a secure online shopping experience.

Aditya Birla Fashion and Retail Ltd

(https://www.abfrl.com/)