Hackers have leaked sensitive information on almost a million people claimed to be customers of Hong Kongbased activewear firm Halara.
A hacker under the alias Sanggiero posted a new thread on a dark net forum, and in a Telegram channel, with the details of the hack.
“In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso,” the post allegedly reads.
Vulnerable API
Analysis of the database posted there appeared to confirm that at least some of the information posted there is accurate. For example, while the hacker claims to have information on a million people, the database contains 941,910 records. Furthermore, the hacker used an incorrect logo for Halara, posting one that belongs to an unrelated cannabis company.
BleepingComputer did reach out to some of the people whose information was posted in the database, and confirmed that the data is correct. The publication also confirmed that the people were indeed customers of Halara.
This means that whoever takes the information could use it to craft crediblelooking phishing emails, or engage in identity theft.
The company was said to be investigating the matter now.
Halara is a sports apparel company, selling what’s known as “athleisure” clothes. It was founded in 2020, and gained huge popularity via short videos shared on TikTok.