U.S. fast fashion retailer Hot Topic had its customers' data compromised following a series of credential stuffing attacks in November, reports BleepingComputer.
Threat actors leveraging email accounts and passwords stolen from a third party deployed intrusions against the clothing chain's website and mobile app to breach Hot Topic Rewards accounts between Nov. 18 and 19 and on Nov. 25, allowing access to customers' names, birthdates, mailing and email addresses, phone numbers, and partial payment data, said Hot Topic in breach notification letters issued this week.
"Based on our investigation to date, we are not able to determine which, if any, accounts were accessed by unauthorized third parties as opposed to legitimate customer logins during the relevant time periods," added Hot Topic.
Impacted individuals have been urged to promptly reset their passwords. Such a development comes after Hot Topic reported being impacted by five waves of credential stuffing attacks between February and June last year.