Restore Privacy


Aditya Birla Fashion and Retail Ltd. (ABFRL) Hacked — All Data Leaked Online

January 11, 2022, by Sven Taylor

One of the largest fashion and retail outlets in the world has been breached by a high-profile hacking group that goes by the name of ShinyHunters. The hackers exfiltrated data from ABFRL servers and then demanded payment. Now that negotiations have failed, ShinyHunters has published all of the data online, including 5.47 million email addresses. We have examined the data and obtained exclusive commentary from ShinyHunters for this report.

Update 1: Cybersecurity researcher Troy Hunt has now added the data from this breach to the Have I Been Pwned database. (January 14, 2021)

Update 2: ABFRL has finally acknowledged the data breach in an email to customers. (January 17, 2021)

Update 3: ShinyHunters has informed us that ABFRL’s fashion websites are still exposed and unsecured, despite the company’s claims that the problems are fixed. (January 18, 2021)

Aditya Birla Fashion and Retail Ltd. (ABFRL) is a large conglomerate retail outlet with 3,212 retail stores throughout India and over 22,000 employees. It is a subsidiary of the Aditya Birla Group, which spans numerous sectors and has annual revenues of $45 Billion.

Earlier today, the high-profile hacking group ShinyHunters leaked all of the data from its hack of ABFRL on an underground hacking forum. ShinyHunters is the same group that has hacked many other large businesses, including Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more.

ShinyHunters explained that they have had access to the ABFRL network for many weeks.

What data has been published?

ShinyHunters has now published private data from ABFRL that includes:

  • ABFRL employee data (full name, email, birth date, physical address, gender, age, marital status, salary, religion, and more)
  • ABFRL customer data and hundreds of thousands of invoices
  • ABFRL website source code and server reports

Are you an ABFRL customer or employee who has been notified of this data breach?

Please contact us here to provide additional details.

Negotiations failed, data posted online for free

The post and data are publicly available right now, and have been downloaded by others, but you need to be a member of the hacking forum to view the content. In the original post, ShinyHunters explained the rationale for releasing the data as follows:

We tried to get in touch with ABFRL. They sent a negotiator but he was just stalling (the offer was more than reasonable for a “US$ 45-Billion conglomerate”).
So we decided to leak everything for you guys including their famous divisions such as Pantaloons.com or Jaypore.com.

-ShinyHunters, January 11, 2022

Below is the original post documenting this leak, which we captured on the hacking forum.

The original post where the hackers made the data publicly available.
Source: RestorePrivacy.com

The post above does not discuss the exact amount that the hackers requested for payment, or when exactly ABFRL was first breached by the group.

ABFRL data analysis

We have now obtained the data from ABFRL for our own analysis. The data is broken down into three large files and available for free.

Based on our initial analysis, we are seeing sensitive corporate data from many clothing brands that fall under the ABFRL umbrella in India. One batch of data that we have analyzed includes server logs and vulnerability reports for the following clothing brand websites in India:

  • American Eagle
  • Pantaloons
  • Forever21
  • The Collective
  • Van Heusen
  • Shantanu and Nikhil
  • Planet Fashion
  • Simon Carter
  • Peter England

Another batch of data we analyzed contains financial and transaction information, with 21 GB of ABFRL invoices, including sensitive payment details, and customer information.

Update: ShinyHunters told us that they have extensive credit card data from ABFRL customers, specifically from Pantaloons.com, and this was communicated to ABFRL staff about two months ago. However, we are told that nothing has been done and it does not appear that anyone was notified about the breach.

ABFRL has not commented on (or denied) the breach

We contacted ABFRL’s press team for comment on this story. So far, neither ABFRL nor the parent company, Aditya Birla Group, has commented on the data breach on any of their websites.

The parent company’s business reach spans many countries around the world. It is a large player in many industries.


We have not yet received any response, but will monitor the situation and update this article with any new information.

Potential impact of data breach for ABFRL employees, customers, and affiliates

With the amount of sensitive data in this release, many people could be impacted.

As we noted above, a lot of private information has already been released, including sensitive payment details. This puts ABFRL customers, employees, and affiliates at risk of:

  • financial fraud
  • identity theft
  • phishing attempts
  • social engineering attacks
  • hacked accounts
  • social security scams

As always, we recommend closely monitoring your bank statements, credit cards, financial information, email, and all online accounts for fraudulent activity.

Business model: Exfiltrate data, then demand ransom payment (without encryption)

Many people are aware of ransomware and the business model that goes with it. This involves hacking a server or network, encrypting the files, and then demanding a payout from the victim. This has been a popular attack for years because it locks the victim out of their own files: everything is encrypted, and only the attacker holds the key needed to decrypt it.

However, we are now seeing a trend that does not involve encryption. In this new business model, a threat actor simply exfiltrates as much data as possible, and then demands a payment from the victim, with the threat of releasing all data should the negotiations fail.

Because the release of this data could be very expensive for a business, many are willing to negotiate a payment to make the problem go away and have the data deleted. This is particularly the case as we see class action lawsuits for data breaches and other long-term costs associated with networks and servers being hacked.

In short, it is often cheaper to pay a hacker to not publicly release the data than pay for the implications of the breach. Additionally, many hacking and ransomware groups will offer to assist the victim in patching security vulnerabilities that resulted in the hack.

ABFRL is ShinyHunters’ first big leak of 2022

As we noted above, ShinyHunters is a prolific and well-known hacking group. The hack of ABFRL marks the group’s first major release of 2022.

You can see other victims of ShinyHunters on the group’s Wikipedia page here. The group’s previous exploits include:

  • Microsoft – 500 GB of Microsoft source code stolen and sold online
  • Mashable – 5.22 GB of company and staff data
  • Tokopedia – 91 million user accounts
  • Pixlr – 1.9 million user accounts
  • 123RF – 8.3 million user accounts
  • Wattpad – 270 million user records
  • Pluto TV – 3.2 million Pluto TV user records
  • Animal Jam – 46 million accounts leaked
  • WedMeGood – 41.5 GB of user data
  • BigBasket – 20 million user accounts
  • Dave.com – 7 million user accounts
  • Couchsurfing.com – Data from 17 million users
  • Dunzo – 11 GB of company data
  • Nitro PDF – 77 million user records
  • Bhinneka – 1 million user accounts
  • Minted – 5 million accounts leaked
  • ProctorU – 444,267 accounts
  • Bonobos – Full backup database with 7 million customers and 1.8 million registered users
  • Swvl – 4 million users
  • Mathway – 25 million records
  • Wishbone app – 40 million user records

Note: This list is not exhaustive.

We will continue to monitor the situation with the ABFRL hack and update this article as more information becomes available.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Comments

  1. NONONO

    January 14, 2022

    Can you please write an article that explains what SOCKS are? Should I use them on top of VPN?

    • Sven Taylor

      January 14, 2022

      No, you do not need to be using a SOCKS proxy, unless you have some specific need for accessing services. From the Perfect Privacy website:

      SOCKS5 proxies
      Besides HTTP proxies we also offer using our SOCKS5 proxies. SOCKS5 proxies in contrast to HTTP, work protocol independent and in principle can handle any type of traffic. Many clients support the use of a SOCKS5 proxy and allow the externally visible IP address being one of the proxy servers in use.
      Like HTTP, SOCKS5 proxies can be used either separately or in combination with a VPN. However, like HTTP, SOCKS5 proxies do not offer encryption on its own. Therefore this again has to be ensured separately.

      So as you can see, there is no additional encryption, security, or privacy benefit to a SOCKS proxy. However, you may want to use a SOCKS proxy if you are trying to access specific services (or servers), which may be blocking the VPN server’s IP addresses. So it is really about access and a specific use case where you would need a proxy to gain access.

      Aside from Perfect Privacy, NordVPN also offers SOCKS proxies with any VPN subscription (with no additional charges).

      • NONONO

        January 15, 2022

        I see thx

  2. Alma

    January 12, 2022

    Nice to see that companies show some balls and stand up to these parasites.

  3. BoBeX

    January 12, 2022

    Hi Sven,

    Great article and investigation.

    It is always so disappointing when a company won’t do the right thing and notify the victims.
    There really needs to be an international agreement on protecting employees and customers;
    Cyber-crime is borderless, and there isn’t a country in the world that would welcome their citizens being exploited by criminals. Why can’t we come to an international agreement on this? (rhetorical)

    Have they dumped the credit card data in what you have downloaded or is it just the personal information?
    I would have guessed credit card data would have a salable value and could be leveraged easily?

    You note that there is a trend not to encrypt with ransomware.
    The last I heard (and I don’t follow too closely) was that there was a trend to not only encrypt but to also exfiltrate;
    Where the analysis was that exfiltration was secondary to the encryption, and served to add further leverage over the victimised organisation.
    Can you offer any insight into why the modus operandi may have changed?

    Regards,

    BoBeX

    • Sven Taylor

      January 12, 2022

      There’s definitely still ransomware attacks going on all over the world where systems get encrypted and data is exfiltrated. But threat actors are increasingly just taking the data and demanding a payout (or extortion) to delete the data. In other words, they don’t need to encrypt files, because they have enough leverage (usually) by just threatening to release the data that was breached.

      Edit: I found an article on cyber threat strategies that explains this in more detail.

      • edxo

        January 12, 2022

        You are wrong, bobex. The Shiny group did it first with Medlife and Upstox, then some hackers thought it would be a profitable way to make money. Unfortunately they are not as well known as ShinyHunters so ransomware extortion is currently the best approach.

