Aditya Birla Fashion says back after data breach; hackers say site still vulnerable

tech.hindustantimes.com:

Aditya Birla Fashion and Retail Ltd (ABFRL) suffered a data breach on its website and more than 5.4 million email addresses were leaked online earlier this month. The company has now assured that data has been secured. In fact, access to customers' and employees' information has been provided added layers of security. ABFRL sent an email to customers informing them about the incident and reset their passwords as a “proactive” measure.

Though ABFRL is investigating the incident, hackers have claimed that the sites owned by ABFRL are still vulnerable as they still had hidden access to ABFRL data. The hacker group ShinyHunters that has made ABFRL’s database public, revealed Gadgets 360. The message said, “It would be safer not to buy on ABFRL, Jaypore, Pantaloons, and others.”

Meanwhile, ABFRL in its official statement said that the incident will have no operational or business impact on its operations.The company is taking help from forensic security experts to investigate the data breach. ABFRL spokesperson said, "ABFRL is investigating an information security incident that entailed unauthorized access to its e-commerce database."

The leaked database includes customers’ personal information like names, phone numbers, addresses, dates of births, order histories, credit card details, and passwords stored as Message-Digest algorithm 5 (MD5) hashes. Moreover, details of employees, including salary details, religion, and marital status were also leaked. The alleged data leak was brought to notice by data breach tracking website Have I Been Pwned on January 15.

ABFRL has a repertoire of leading brands, such as Louis Philippe, Van Heusen, Allen Solly and Peter England, along with India’s largest value fashion retail brand