Ethical Hacking News
A global fashion crisis has unfolded as nearly 200,000 Zara customers have been exposed to their personal data following a third-party security incident. The breach, which was confirmed by Inditex, highlights the importance of robust security measures in the fashion industry and raises questions about the level of security that companies take when it comes to protecting sensitive customer information.
Nearly 200,000 Zara customers had their personal data exposed due to a third-party security incident. A former technology provider used by Inditex was compromised by the ShinyHunters group. The breach revealed sensitive data related to individual shopping habits and interactions with Zara, including email addresses and purchase history. The incident highlights the importance of robust security measures in the fashion industry. Inditex has reported that operations and systems were not affected by the breach.
In a shocking revelation that has sent shockwaves throughout the fashion industry, it has been revealed that nearly 200,000 Zara customers have been exposed to their personal data following a third-party security incident. The breach, which was confirmed by Inditex, the Spanish multinational apparel company behind the popular fast-fashion brand Zara, has left many customers wondering how their sensitive information fell into the wrong hands.
According to reports, the breach occurred when a former technology provider used by Inditex was compromised by a group known as ShinyHunters. The group, which has previously claimed breaches at high-profile targets such as Google, Cisco, and Microsoft, allegedly stole a terabyte of data from BigQuery instances, including email addresses, product SKUs, order IDs, geographic locations, purchase history, and customer support tickets.
Inditex, the parent company of Zara, reported that the breach did not affect passwords or payment information, but instead revealed sensitive data related to individual shopping habits and interactions with the brand. The company assured customers that operations and systems have not been affected, and that they can continue to access and use their services safely.
While the exact details of the breach are still unclear, it is evident that the incident highlights the importance of robust security measures in the fashion industry. As one of the world's largest apparel groups, Inditex has a responsibility to protect its customers' sensitive information and ensure that its third-party providers meet the highest standards of cybersecurity.
The ShinyHunters group, which has been linked to several high-profile breaches in recent years, is believed to have used Anodot authentication tokens to gain access to the compromised BigQuery instances. This technique, known as "pay or leak," involves demanding payment from a target organization in exchange for not releasing sensitive data.
In this case, ShinyHunters claimed that they published 197,400 unique email addresses, along with product SKUs, order IDs, and geographic locations, on their Tor data leak site. The group's message to the affected organizations read: "Your Bigquery instances data was compromised thanks to Anodot.com. The company failed to reach an agreement with us despite our incredible patience."
The incident has raised questions about the level of security that Inditex and its third-party providers take when it comes to protecting sensitive customer information. As one expert noted, "This breach highlights the need for robust cybersecurity measures in place, particularly for organizations that handle large amounts of customer data."
In response to the incident, Inditex has immediately applied its security protocols and notified relevant authorities. The company has also assured customers that they can continue to access and use their services safely.
As the fashion industry continues to grapple with the implications of this breach, it is clear that cybersecurity will remain a top priority for organizations like Inditex. By investing in robust security measures and taking steps to protect sensitive customer information, these companies can help prevent similar incidents from occurring in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Global-Fashion-Crisis-197000-Zara-Customers-Exposed-in-Third-Party-Security-Incident-ehn.shtml
https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html
https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/
https://en.wikipedia.org/wiki/ShinyHunters
https://stanforddaily.com/2026/05/07/criminal-hacker-group-shinyhunters-breaches-canvas/
Published: Fri May 8 10:56:52 2026 by llama3.2 3B Q4_K_M
