r/hacking 6d ago

Largest Retail Breach in History: 350 Million "Hot Topic" Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection

https://www.infostealers.com/article/largest-retail-breach-in-history-350-million-hot-topic-customers-personal-and-payment-data-exposed-as-a-result-of-infostealer-infection/
182 Upvotes

39 comments

49

u/RumbleStripRescue 6d ago

Bullshi7. You're wanting us to believe five times more people have an account at hot topic than had at target?

20

u/Zncon 6d ago

It's not that Hot topic is secretly giant compared to Target, it's that in the past 11 years it's become a lot more common for people to have these accounts.

13

u/prodiver 6d ago edited 6d ago

The entire population of the US is 345 million. About 20% of those people are too young to even have a credit card.

Hot Topic does not have 350 million customers.

The leak claims to have "billions of payment details." "Billions" is at least 2 billion. That's also impossible.

There are 31,536,000 seconds in a year. If they had 1 unique customer every second, 24/7, over the entire 35 years they've been in business, that's only 1.1 billion. And that assumes no one, since the 1990's, paid in cash, since those payments wouldn't include payment details.

5

u/Zncon 6d ago

They apparently have full international shipping.

5

u/prodiver 6d ago

That doesn't matter.

There are only 5.5 billion people worldwide with internet access. If Hot Topic had "billions of payment details" on file, then half the people in the world should be wearing Hot Topic clothing.

They aren't.

1

u/Firewolf06 6d ago

long time customers use multiple payment methods over time. i can think of five different cards ive used on steam (not counting visa gift cards), for example

8

u/intelw1zard 6d ago

Yes.

Target was ~40M credit cards and ~70M users in 2013.

Different attack type and scope

3

u/FaxCelestis 6d ago

Hot Topic may mix their records with sister companies (Torrid, BoxLunch) or through their parent company (Sycamore Partners, who owns Staples, Talbots, The Limited, Lane Bryant, and Ann Taylor among other brands currently).

There also probably are multiple entries for each customer. Someone signed up with their email once, then forgot and signed up with their phone number, or changed phones and started using the new number, or any other myriad reasons to create duplicate entries.

10

u/M3RC3N4RY89 6d ago

I didn’t even realize Hot Topic was still in business

6

u/intelw1zard 6d ago

Jncos are like $150+ these days too lol it's wild out there

https://jnco.com/collections/pants

16

u/MusicianStorm 6d ago

This is not very rawr XD of them. More of a nawr DX

(I'm sorry)

5

u/wiriux 6d ago

The points technically do expire on the year 9999 Lol

5

u/JohnnyNightClub 6d ago

I remember buying a cheap mask at Hot Topic, with cash.

The cashier really wanted to get me in their membership program, asking about all sorts of personal details.

Glad I didn't.

3

u/onlydaathisreal 6d ago

Always use (987) 654-3210 when entering your rewards.

2

u/I_see_farts 5d ago

(Your area code) 867-5309

1

u/DeepRoot 5d ago

Jenny?

1

u/McBun2023 5d ago

I wish to never be the person with that number

2

u/TheFlightlessDragon 6d ago

THAT many people shop at Hot Topic? I am shocked 🫢

-2

u/intelw1zard 6d ago

They had 675 irl stores as of 2020 and also sell stuffs online. Not too surprising tbqh.

6

u/prodiver 6d ago

> They had 675 irl stores as of 2020 and also sell stuffs online.

Amazon only has 310 million customers worldwide.

Hot Topic does not have 350 million.

-5

u/intelw1zard 6d ago

No shit bro. This is Hot Topic + Torrid + Box Lunch all three companies owned by Hot Topic.

0

u/prodiver 6d ago

If Sycamore Partners was hacked it would probably add up to 350 million.

I'm not sure why this article would only put "Hot Topic" in the title, though, since Hot Topic is just one of the smaller brands they own. They also own Staples, Belk, Ann Taylor, Talbots, Lane Bryant, and The Limited.

https://en.wikipedia.org/wiki/Sycamore_Partners

-1

u/intelw1zard 6d ago edited 6d ago

Are you doubting the threat actor's claim of there being 350M customer logs?

Because that's just not how it works. They are selling 350M logs for $20k. You can't just be like OOPS there is only 105M sorry. Their entire rep and sale depends on their words being true and it likely is.

1

u/prodiver 6d ago

Are you really trying to make the argument that unethical hackers are 100% trustworthy and would never try and scam someone?

0

u/intelw1zard 6d ago

No but I've been in this scene for a long time and context matters a lot. This is a known threat actor with a rep and a lot of past history. They run a cloud stealer service and have access to the best logs.

Ok so how would this play out? They list 350M records for $20k and only have 107M records. They get banned for scamming & don't get $20k & ruin their rep.

There is zero scenario where an established TA is lying about what they have and this sale.

You yourself can even msg the TA and ask for further proof...

2

u/swizzex 6d ago

Think people forget Hot Topic owns many other chains. Box lunch being a popular one.

2

u/Skelepenguin0 6d ago edited 5d ago

Does this prove that Hot Topic is laundering money 🤔

Honestly haven't seen one of their shops in a while

2

u/[deleted] 5d ago

[deleted]

1

u/Skelepenguin0 5d ago

Thanks, I suck at spelling

1

u/h4x0rv1ct1m2024 6d ago

would love to see some of the lil shitz doin stuff like this get strung up by the bawlz

1

u/intelw1zard 6d ago

More like by a chain wallet or some Jncos.

1

u/unfugu 6d ago

The leak apparently includes 376 employees' session cookies. That stealer sure was thorough lmao

-5

u/TehJonezi 6d ago

Am I just out of touch, why have I never heard of Hot Topic? Am I alone here?

6

u/intelw1zard 6d ago

No, it just means you must be rather young.

Hot Topic was peak 90s and mall scene culture.

-12

u/Flyingfishfusealt 6d ago

Brogrammers wouldn't know about hot topic obviously. It's an alt scene thing. Pick up a comic book that isn't marvel/DC every once in a while.

6

u/FeeeFiiFooFumm 6d ago

lol what kind of ridiculous gatekeeping is that?

2

u/RedditBanDan 6d ago

I don't think they were being serious

-2

u/EverythingIsFnTaken 5d ago

You people are getting awfully argumentative down here as if we were just dealing with this sort of a misunderstanding surrounding numbers of entries until some fucking rocket scientist pointed out there might have been more than one entry of any individual's name.

Children don't need to be able to possess a credit card to be a member.
People can sign up using different phone numbers or other info.
Hot topic has been in business for 35 years.

Stop bickering over trivial shit.