Hackers leak data on nearly a million Halara customers

Popular clothing company Halara investigating a potential breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers have leaked sensitive information on almost a million people claimed to be customers of Hong Kong-based activewear firm Halara.

A hacker under the alias Sanggiero posted a new thread on a dark net forum, and in a Telegram channel, with the details of the hack.

“In January 2024, over 1M rows of data from the store company Halara was posted to a popular hacking forum. The data contained 1M unique addressId, first name, last name, phone numbers, country, home address, zip, province, city, iso,” the post allegedly reads.

Vulnerable API

Vulnerable API

Analysis of the database posted there appeared to confirm that at least some of the information posted there is accurate. For example, while the hacker claims to have information on a million people, the database contains 941,910 records. Furthermore, the hacker used an incorrect logo for Halara, posting one that belongs to an unrelated cannabis company.

BleepingComputerdid reach out to some of the people whose information was posted in the database, and confirmed that the data is correct. The publication also confirmed that the people were indeed customers of Halara.

This means that whoever takes the information could use it to craft credible-looking phishing emails, or engage inidentity theft.

The company was said to be investigating the matter now.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

BleepingComputer also managed to contact Sanggiero, who claim to have stolen the data via a vulnerability in an API on the Halara website. The database isn’t of much value to them, which is why they decided to share it online for free. No contact with the victim was made, apparently.

Halara is a sports apparel company, selling what’s known as “athleisure” clothes. It was founded in 2020, and gained huge popularity via short videos shared on TikTok.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)