Hackers breached databases of a former technology provider used by Zara (Inditex), exposing data of 197,400 people including email addresses, geographic locations, purchases, and support tickets. The ShinyHunters extortion gang claimed responsibility, alleging they used compromised Anodot authentication tokens to access BigQuery instances and steal a 140GB archive. Inditex confirmed the breach originated from a third-party provider and stated that names, phone numbers, addresses, credentials, and payment data were not compromised. Have I Been Pwned has added the breach to its database. ShinyHunters has been linked to numerous other high-profile breaches including Google, Cisco, Match Group, and others via similar SaaS credential theft campaigns.
Table of contents
Related Articles:Sort: