A threat actor has allegedly leaked the personal information of nearly 1 million customers of the activewear brand Halara on a dark web forum.
While the Hong Kong-based athleisure clothing company is investigating the claims, BleepingComputer says it spoke to a hacker who claimed responsibility for leaking the stolen data online.
The person, going by the handle ‘Sanggiero,’ said he obtained the data by “exploiting a bug in an API on Halara’s website.”
In his post, shared on Jan 7, Sanggiero uploaded a database containing over 1 million rows of data, including email addresses, first and last names, phone numbers, and full addresses of Halara customers.
"In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso," Sanggiero’s post reads.
This data was shared for free. The hacker even told BleepingComputer that he chose to release it for free because it would not have a lot of value if he tried to sell it.
Researchers at BleepingComputer also explained that they were able to confirm the validity of a subset of the data they analyzed.
“We contacted multiple people listed in the file and have confirmed that they are all Halara customers and that their listed phone numbers, names, and addresses are accurate,” they said.
If the entire batch of released data proves genuine, cybercrooks can inflict significant damage on victims by launching targeted phishing attacks to convince individuals to disclose sensitive and financial data.
Halara customers should watch out for any unsolicited correspondence and contact the company to verify any data requests.
Use Bitdefender Digital Identity Protection to considerably improve your digital privacy and take action immediately after a breach. Key features include:
- Comprehensive dashboard where you can get an extensive overview of all your personal data, even traces from services you no longer use
- 24/7 monitoring of your data on both the public and Dark Web, immediately notifying you of incidents that may involve your information
- Simple, 1-click action items to instantly shut down any weak spots in your digital footprint