Aditya Birla Fashion and Retail Limited (ABFRL), one of India's largest fashion retailers, has been the victim of major data breaches. Data with more than 5.4 million email addresses was allegedly leaked to the Aditya Birla Group hosted and posted online. The alleged website includes customer personal information such as names, phone numbers, addresses, birthdays, order histories, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5). The data breach is said to include employee details including details of salary, religion, and marital status.
The alleged website Aditya Birla Fashion and Retail has been made public by a hijacking group known as ShinyHunters. News of ABFRL account breaches was reported to certain affected customers through the Have I Been Pwned data violation website. An estimated 5,470,063 accounts of Aditya Birla Fashion and Retail Limited were allegedly broken and redeemed in December last year. The need for a ransom for a criminal group is suspected to have been denied, and the data was then publicly sent to a notorious criminal court.
A large amount of data also includes source code, "Troy Hunt, creator of the Have I Been Pwned website, tells Gadgets 24." There is a lot of personal information for customers, but also for staff. I don’t know why they keep PII critical as a religion, as well as personal things like marital status. It is not yet clear why this might be necessary for a person to do his job. "
Hunt also noted that there was not much from ABFRL on the matter.
"The information is still widely circulated in the forums but as far as I know, they will still inform customers. That is for no reason," he said.
ShinyHunters has been able to access the ABFRL website for weeks, according to a report by RestorePrivacy. According to the report, the alleged hacking information included details of ABFRL staff members such as full name, email, date of birth, physical address, gender, age, marital status, salary, religion and more. It is also said to contain ABFRL customer data and hundreds of thousands of invoices as well as company website source code and server reports.
24 gadgets were able to independently verify the existence of a post post created by ShinyHunters to announce data leaks.
"We tried to contact ABFRL. They sent a comment but it just stopped (the offer sounded like 'US $ 45-Billion conglomerate'. So we decided to give you everything guys, including their popular categories. Like Pantaloons.com or Jaypore. com, "a group of hijackers noted in a post on January 11. However, the exact amount requested for payment is unknown.
According to the RestorePrivacy report, the data includes server logs and exposure reports for ABFRL Indian products including American Eagle, Pantaloons, Forever21, The Collective, Van Heusen, Peter England, Planet Fashion, and Shantanu & Nikhil.
The leaked website is said to be compiling financial and transaction information containing 21GB of ABFRL invoices. ShinyHunters has informed RestorePrivacy to obtain ABFR customer credit card data, especially for Pantaloons. ABFRL employees are said to be aware that ShinyHunters has this information.