Aditya Birla (ABFRL) fashion and retail websites remain vulnerable, hackers claim; Company says ‘Access is secured’
The Aditya Birla (ABFRL) fashion and retail websites remain vulnerable and unsafe for customers, the hacker group that allegedly leaked the company’s data announced in a chat with Gadgets 360. According to researchers, millions of customer and employee email addresses have allegedly been removed from the retail giant’s platform. fashion. However, the company says that its access to customer and employee information is confidential. It also sent an email to customers to notify them of the problem and reset their passwords as a “proactive” measure.
Hacker group ShinyHunters told Gadgets 360 that the site is owned by Aditya Birla . Fashion and Retail (ABFRL) remains vulnerable. “It is safer not to buy on ABFRL, Jaypore, Pantaloons and others,” it alleged.
The hacker group also claims that they still have hidden access to the ABFRL data. Gadgets 360 was unable to independently verify the hacker group’s claims. When asked, ABFRL said that its access to customer and employee information is confidential.
“ABFRL is investigating an information security incident that resulted in unauthorized access to their e-commerce database,” an ABFRL spokesperson said in an emailed statement to Gadgets 360. “The company has invited forensic security experts to conduct an investigation. It has also informed the relevant authorities and is taking the necessary steps to bring the perpetrators into custody. Without any operational or business impact. ”
“As a proactive measure, the company has reset the passwords of all customers and enabled OTP-based authentication and has taken further steps to secure access to customer and employee information, ” said the spokesman.
ABFRL on Tuesday also sent an email to its customers to notify them of “illegal and unauthorized access to a portion” of its customer database.
“Earlier this week, we discovered that the profile information of some of our customers had been leaked to several online forums. We fully know this will interest you very much,” the Mumbai-based company said in the email.
The company also notes that it resets the passwords of all its customers as a “precautionary measure” and enables one-time password (OTP)-based authentication. It also states that further steps have been taken to secure access to customer information.
“In case you are using a common password on other websites, we ask that you change the same password, as a precaution. We want to assure you that other than some of the details located in your records, no financially sensitive information regarding your payment methods or instruments, has been compromised as a result of your actions. violate our database in an unscrupulous manner,” the company said.
The ABFRL also said it had immediately contacted the relevant network regulators and was taking the necessary steps to “bring the perpetrators to their feet”.
“We have also invited leading forensic security experts to conduct an investigation. While we have a strong security architecture, we will further strengthen our security protocols,” the company said.
The alleged data leak is given to notice by data breach tracking website Have I Been Pwned on Saturday. It reported that as many as 5,470,063 company accounts were compromised and ransomed last December.
RestorePrivacy reports that the leaked data includes ABFRL employee data such as full name, email, date of birth, physical address, gender, age, marital status, salary and religion, as well as hundreds of thousands of chemicals. corporate website menu and source code and reporting server. Furthermore, the hacker group is said to have access to the credit card details of ABFRL customers.
Cybersecurity researcher Rajshekhar Rajaharia told Gadgets 360 that ShinyHunters can be seen as a “trusted” group of hackers, and if they claim that the data is still in their access, we can count on it. that.
“ABFRL should take the hacker group’s claims seriously and thoroughly investigate how the breach happened,” he said. “The company should also check their logs as the team also claims to have access to its financial data.”
Rajaharia also noted that the hacker group claimed that ABFRL was storing their passwords using message message algorithm 5 (MD5), which is a date algorithm.
“The company should constantly update its algorithms otherwise; Affected users will not be able to secure their data even after changing their password. The hacker group will easily gain access back to the user’s data by exploiting the vulnerabilities of the deterministic hash algorithm,” the researcher said.
ABFRL is said to have more than 140,000 employees and operations spanning 36 countries globally, details available on its website. The group owns a portfolio of lifestyle brands that includes Louis Philippe, Van Heusen, Allen Solly and Simon Carter. It also has fashion divisions including Pantaloons known to customers.
You can read the full email sent to affected customers and the report sent to Gadgets 360 below.
Email: Dear [User],
We hope you are safe.
We would like to inform you that there has been an information security incident that has resulted in illegal and unauthorized access to part of our customer database. Earlier this week, we discovered that the profile information of some of our customers had been leaked to several online forums.
We are fully aware that this will be of great interest to you. As a precaution, we have reset the passwords of all customers, enabled OTP-based authentication, and taken further steps to secure access to customer information. In case you are using a common password on other websites, we ask that you change the same password, as a precaution. We want to assure you that other than certain details of your profile, no financially sensitive information related to your payment methods or instruments has been compromised as a result of unscrupulous intrusion into our database.
We have immediately contacted the relevant network regulators and are taking the necessary steps to bring the perpetrators to their senses. We also invited leading forensic security experts to conduct an investigation. While we have a strong security architecture, we will further strengthen our security protocols.
We are sorry for the inconvenience caused. Thank you for your patronage and your trust in our brand. We are committed to ensuring a safe online shopping experience for you.
Aditya Birla Fashion and Retail Ltd
(https://www.abfrl.com/)
Statement: ABFRL is investigating an information security incident that resulted in unauthorized access to its e-commerce database. The company has invited forensic security experts to conduct the investigation. It has also informed the relevant authorities and is taking the necessary steps to bring the perpetrators into custody. No operational or business impact. As a proactive measure, the company has reset the passwords of all customers and enabled OTP-based authentication and has taken further steps to secure access to customer and employee information.
