Hackers have leaked sensitive information on almost a million people claimed to be customers of Hong Kong-based activewear firm Halara.
A hacker under the alias Sanggiero posted a new thread on a dark net forum, and in a Telegram channel, with the details of the hack.
“In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso,” the post allegedly reads.
Vulnerable API
Analysis of the posted database appeared to confirm that at least some of the information is accurate, though the post itself contains discrepancies. While the hacker claims to have information on a million people, the database contains 941,910 records. Furthermore, the hacker used an incorrect logo for Halara, posting one that belongs to an unrelated cannabis company.
BleepingComputer reached out to some of the people whose information was posted in the database, and confirmed that the data is correct. The publication also confirmed that the people were indeed customers of Halara.
This means that whoever takes the information could use it to craft credible-looking phishing emails, or engage in identity theft.
The company is said to be investigating the matter.
BleepingComputer also managed to contact Sanggiero, who claims to have stolen the data via a vulnerability in an API on the Halara website. The database isn’t of much value to them, which is why they decided to share it online for free. No contact with the victim was made, apparently.
Halara is a sports apparel company, selling what’s known as “athleisure” clothes. It was founded in 2020, and gained huge popularity via short videos shared on TikTok.