Looks from the article like it was stolen by infecting the PC of a third party analytics firm user who had privileged access to Hot Topics snowflake data warehouses and didn’t have MFA enabled. That is just inexcusable in this day and age and $100k is a small price for Hot Topics snowflake to pay for that fuck up (assuming the bad actor actually follows through and doesn’t sell the data if HT pays the price set). Pro tip (or really amateur tip), MFA all the things. Even SMS based MFA is better than no MFA even though it’s not ideal.
i had to access a snowflake account the other day, it had 2 mfa challenges… one from the idp via sso, and then the local snowflake one.
100k is a single fte! peanuts!
I work in snowflake every day, and we have two as well.
You know what’s worse? Without MFA their cyber insurance isn’t covering it. Not this day and age.
How the fuck does Hot Topic even have 350 million customers?
They own Hot Topic, Box Lunch and Torrid, and at least 2 or 3 more smaller companies.
Pleather sold real well in the 90s.
Oh no! I hope they don’t have MY info!
Oh wait. I’m 41. Last time I shopped at Hot Topic was 24 years ago. I bought a Green Day shirt, an Offspring dhirt, and 2 chains for my wallet. As was the style at the time.
gz on the data leak
