A hand on the keyboard is seen with binary code displayed on a laptop screen in this illustration photo
Image Courtesy: Jakub Porzycki

Aditya Birla Fashion portal faces data breach, over 700 GB of data leaked online

One of India’s largest fashion retail companies, Aditya Birla Fashion and Retail Ltd. (ABFRL), has been the victim of a massive data breach. Over 700 GB of data, including more than 5.4 million email addresses, was allegedly scraped and leaked online from the Aditya Birla Group-owned platform.

Customers’ personal information, including names, addresses, phone numbers, order details, dates of birth, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5) hashes, is purportedly contained in the alleged database. The data leak is also believed to include employee information such as salary, religion, and marital status.

“ABFRL is investigating an information security incident regarding unauthorized access to its e-commerce database,” an ABFRL spokesperson confirmed. He did, however, claim that there has been no operational or business impact. “As a pro-active measure, the company has reset passwords of all customers and enabled OTP-based authentication and taken further steps to secure access to customer and employee information,” the spokesperson added.

ShinyHunters, a hacker group, has made the claimed Aditya Birla Fashion and Retail database public. Have I Been Pwned, the data breach tracking website, notified some impacted customers of an ABFRL account breach. It is reported that in December of last year, 5,470,063 Aditya Birla Fashion and Retail Limited accounts were breached and ransomed. The ransom demand made by the hacker group was apparently denied, and the information was then made public on a popular hacking forum.

According to a report by RestorePrivacy, ShinyHunters had full access to the ABFRL database for several weeks. According to the report, the allegedly compromised data includes full names, email addresses, dates of birth, physical addresses, gender, age, marital status, pay, religion, and more for ABFRL employees. It is also reported to contain ABFRL customer data, hundreds or even thousands of invoices, as well as the company’s website source code and server logs.

The leaked database is reported to contain financial and transaction details, as well as 21 GB of ABFRL invoices. ShinyHunters told RestorePrivacy that they had sourced credit card information from ABFRL customers, particularly Pantaloons. ShinyHunters is reported to have such data, according to ABFRL employees.

With a turnover of Rs 5,181.14 crore in FY21, Aditya Birla Fashion and Retail Ltd. (ABFRL) is an Indian fashion retail company headquartered in Mumbai. The company owns and operates 3,264 stores as well as about 26,841 multi-brand outlets as of September 30, 2021. Its portfolio includes top brands such as Louis Philippe, Peter England, Allen Solly, and Van Heusen, as well as Pantaloons, India’s largest value fashion retailer brand.