Security News > 2024 > March > Retail chain Hot Topic hit by new credential stuffing attacks
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.
The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company's headquarters, and two distribution centers.
Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.
The retail chain worked with external cybersecurity experts after the November attacks to deploy bot protection software that should block such attacks in the future.
Hot Topic will also require customers who receive the data breach notifications to set a new password to prevent other threat actors from hijacking their Hot Topic web or mobile accounts.
This notification comes after five other waves of credential attacks targeted Hot Topic customers last year on February 7, March 11, May 19-21, May 27-28, and June 18-21.