Hautelook Cyber Attack | Times when shopping turned into a disaster

What is Hautelook?

Hautelook is a Los Angeles, California-based members-only e-commerce website, best known for its flash sales and limited-period offers. This website is known to sell apparel, toys and home décor products with steep discounts. That should explain why this website was hacked in December — a time when prices typically spike up and people tend to cling on to e-commerce websites that offer steep discounts. This is the very reason for BreachReport to believe that this cyberattack launched on Hautelook.com was well-planned and executed after necessary deliberation.

Impact of the Hautelook Cyber Attack

Our recent findings on a Dark Web Forum indicates that over 12 million user accounts — approximately 12,746,263, belonging to the users of Hautelook.com continue to remain vulnerable. Currently, these email IDs and passwords are decrypted and available in plain text format. The hashes have been cracked for each of these accounts, and the database remains available for download on the dark web forums.

In this database, the primary cyber attackers who cracked the hashed user accounts and passwords of Hautelook.com claim to have made it available in the lower-case, in the EMAIL: PW format. By doing that, the cybercriminals that launched the attack on hautelook.com have rendered the user accounts and passwords vulnerable. Those gaining access to it would also gain access to all the linked information belonging to these 12,746,263 accounts. Further damage could be caused by the threat actors themselves or those gaining unauthorized access to this database of decrypted Hautelook user accounts and passwords.

Hautelook.com Cyber Attack and Financial Damage

It is quite unclear whether any financial damage is caused due to this cyberattack. However, there are indications that this database has been accessed by those other than the ones who decrypted them. So, it is more than likely that the cybercriminals who have gained access to this database would misuse it. As a result, users may have to deal with possible financial losses. However, since Hautelook and its users seem to appear unaware of this cyberattack (until now), there has been no mention of any losses in connection to this cyberattack. So, despite the fact that 12,746,263 user accounts and passwords continue to remain available on the dark web forums since mid-December, 2019, the e-commerce website appears unaware of it and refuses to comment on the matter. This clearly indicates how badly the e-commerce website needs to upgrade its cybersecurity measures.

Ecommerce websites vulnerabilities

Cyber Attackers continue to pursue e-commerce websites, which makes it one of the most targeted categories. That’s largely due to the fact that these websites contain financial details such as cardholder details, which the cybercriminals can misuse or sell to others. It is worth noting that e-commerce websites are either hacked individually or due to a common vulnerability in the CMS, which causes a dominoes effect. However, in the case of Hautelook, we anticipate an individual attack.

Most e-commerce websites are infected due to a lack of maintenance and inadequate security measures. This includes the choice of Web Server, CMS, add-ons or plug-ins, firewalls, antivirus and more. So, there is every possibility that the webmaster is likely to miss out on something, which could be the case with Hautelook.com. These vulnerabilities can be easily fixed by adopting timely and prompt cybersecurity measures such as penetration testing and timely security audits.

Conclusion

Presently, most e-commerce websites remain complied with the PCI DSS requirements and one of the core requirements is that all the data exchanged between the server and the client remains encrypted. However, cybercriminals do not seem to be discouraged by this mandatory security measure, which is quite evident by the Hautelook cyberattack. With cybercriminals using more sophisticated technologies than ever before, e-commerce website owners need to make use of Ethical Hackers to run regular penetration tests. By ensuring regular security audits, e-commerce websites can identify and eliminate potential loopholes.