Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Menu
Redazione RHC : 25 July 2024 17:32
Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor.
At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’
According to the post made by the threat actor, who uses the pseudonym “Voided,” the breach involves a substantial dataset that allegedly belongs to Luxottica. The threat actor claims that an earlier version of the leaked data was incomplete, missing significant details such as apartment/building numbers, genders, birth dates, work numbers, and phone numbers for some records.
Supporta RHC acquistando il Corso CTI:
Supporta RHC attraverso:
Support Red Hot Cyber through Purchasing the comic on Cybersecurity Awareness By following RHC on WhatsApp By following RHC on Telegram Download free “Dark Mirror,” Dark Lab’s ransomware report The complete data record is as follows:
first_name,middle_name,last_name,birth_date,gender_ind,home_email_address,home_uncleansed_email_address,work_email_address,home_address_1,home_address_2,home_city,home_state_province_code,other_address_1,home_phone_number,work_phone_number,bill_phone_number,ship_phone_number,cell_phone_number,fax_phone_number,phone_preference,email_preference
In their post, the actor revealed that the original 2023 leak contained an unreadable 120GB database along with a smaller, more user-friendly 17GB version.
The threat actor stated that he deleted the “nice version” but kept the raw database.
Luxottica Group S.p.A. is a multinational corporation headquartered in Italy, primarily involved in the design, manufacture, and distribution of fashion, luxury, and sports eyewear. With operations in more than 150 countries and about 80,000 employees, Luxottica owns several well-known brands including Ray-Ban, Oakley, and Persol, and also produces eyewear for numerous fashion houses such as Chanel and Prada. The motive behind this breach, as with many cyber attacks, could range from financial gain through the sale of personal data to damaging Luxottica’s reputation. Given the company’s prominent position and large customer base, the data could be highly valuable to malicious actors.
The alleged Luxottica data breach could have implications for both the company and its customers.
Exposure of sensitive personal information such as birth dates, phone numbers, and addresses increases the risk of identity theft and fraud. In addition, detailed information about individuals’ workplaces and phone numbers could be exploited for targeted phishing attacks and social engineering schemes. As is our custom, we always leave room for a statement from the company should they wish to give us updates on the matter.
We will be happy to publish such information with a specific article giving prominence to the matter. RHC will monitor the development of the matter so as to publish further news on the blog if there is substantial news. Should there be persons with knowledge of the facts who wish to provide information anonymously, they can use the encrypted whistleblower email.
Redazione