Zara Data Breach Exposes Personal Info of 197,000 Customers
Hackers target old tech provider's vulnerability, exposing user data.
Zara's facing a big data breach. Over 197,000 customers' personal info got exposed. The culprit? ShinyHunters, a well-known extortion group rattling both tech and fashion worlds. Have I Been Pwned, a data breach notification service, reports that email addresses, locations, purchases, and support ticket data are out.
This mess started with a vulnerability in old databases managed by a former Zara tech provider. Zara, part of Spain's Inditex Group, includes brands like Bershka and Massimo Dutti. Inditex assures no names, phone numbers, or payment info were breached. Business is as usual, they say.
The Breach Details
- Affected Data: Email addresses, product SKUs, order IDs, support tickets.
- Source: Breached databases from an old tech provider.
- Security Response: Security protocols kicked in. Authorities notified.
Who exactly messed up? Inditex hasn't pinned down the threat actor or the breached provider. ShinyHunters, the group claiming the hit, leaked a 140GB archive. They say it’s from BigQuery instances breached via Anodot tokens.
Context: Inditex's Global Reach
Inditex runs over 1,500 stores worldwide. This breach shows how vulnerable big retail chains are, tangled up in international operations and third-party tech providers.
How It Compares
Zara's breach is big, but not unique. ShinyHunters have hit big names like Google and Cisco before. They exploit vulnerabilities across the board, often using vishing campaigns to hack corporate accounts and SaaS apps.
What's Still Unclear:
- Who's the former tech provider that slipped up?
- How much data was really compromised beyond the 197,400 confirmed?
- Have new security measures been put in place to prevent another attack?
Why This Matters:
This breach highlights the growing risk of cyberattacks on global retail giants. It stresses the need for strong cybersecurity and vigilance, especially with third-party vendors. As cyber threats get smarter, companies must protect data to keep consumer trust and sensitive info safe.
More from Security
Ransomware Disrupts 8,800 Schools via Canvas During US Finals
A cyberattack on Canvas by ShinyHunters disrupted exams in 8,800 schools, affecting millions of students across the US.
Three Charged in $1.2M Apple Truck Hijacking
Three men have been charged in connection with the armed hijacking of a truck carrying over $1 million in Apple products earlier this year.
DNS Glitch Affects .de Domains: DENIC's Explanation
A key collision issue caused a DNS glitch for .de domains. DENIC gives some explanations, but future prevention remains uncertain.
Apple and Meta Oppose Canada's Bill C-22 Over Encryption Concerns
Apple and Meta are standing against Canada's Bill C-22 over concerns it could weaken encryption. The privacy stakes are high.