Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.
The Hong Kong company was founded in 2020 and quickly became very popular through the many videos promoting its clothing on TikTok.
Halara told BleepingComputer that it is aware that customer data was allegedly stolen and leaked online and is investigating a potential breach.
This comes after a person named 'Sanggiero' claimed to have breached Halara earlier this month and shared a text file containing stolen customer data on a hacking forum and a Telegram channel.
"In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso," reads a post from Sanggiero.
Forum post about alleged Halara data breachSource: BleepingComputer
It should be noted that the forum post uses an incorrect logo for Halara and instead uses one for a cannabis company that was not breached.
BleepingComputer has reviewed the leaked data, and while Sanggiero says it contains 1 million lines of data, the text file only contains 941,910 records.
While BleepingComputer has not been able to confirm if all of the data is accurate, we contacted multiple people listed in the file and have confirmed that they are all Halara customers and that their listed phone numbers, names, and addresses are accurate.
In a conversation with BleepingComputer, Sanggiero says that they obtained the data by exploiting a bug in an API on Halara's website, which they say is still unfixed.
Sanggiero said they did not contact Halara about the stolen data ..
Support the originator by clicking the read the rest link below.
