Red Hot Cyber


ShinyHunters breaches Gucci, Balenciaga, and Alexander McQueen: 7.4 million records exposed

Redazione RHC : 17 September 2025 10:31

Kering, the luxury and fashion giant, has officially announced that a data breach was perpetrated against customers of its leading brands, including Gucci, Balenciaga, and Alexander McQueen. ShinyHunters, the same threat actors we recently interviewed, managed to access users’ private information.

The breach, which occurred in April but was detected in June, exposed personally identifiable information (PII) tied to approximately 7.4 million unique email addresses.

No data regulated by the PCI-DSS standard, such as credit card numbers or bank account details, was exfiltrated. The files instead include names, email addresses, phone numbers, shipping addresses, and a “Total Sales” field indicating each customer’s cumulative spending.

The BBC reports that the attacker, who identified himself as Shiny Hunters, claimed to have negotiated a ransom in Bitcoin (BTC) with Kering starting in June via Telegram. Kering denies any ransom negotiations and confirms that it is adhering to law enforcement guidelines that require refusing ransom payments.

According to Kering’s statement, the attacker gained temporary unauthorized access via compromised internal credentials, likely collected through a phishing campaign targeting Salesforce SSO portals. The stolen dataset contains:

  • E-mail
  • Name and surname
  • Telephone number
  • Shipping address
  • Total sales

Analysis of a proof-of-concept sample revealed spending ranges from $10,000 to $86,000 per person, increasing concerns about spear-phishing. Kering has notified the relevant data protection authorities pursuant to Article 33 of the GDPR and communicated directly with affected customers via email.

Google’s Threat Analysis Group attributes a similar campaign, identified as UNC6040, to Shiny Hunters, noting the exploitation of stolen API tokens and the misuse of OAuth scopes to harvest credentials from other large companies.

All customers are advised to reset their passwords and review their account recovery settings for all email and e-commerce profiles. Being alert to unsolicited calls or emails requesting urgent action can help prevent subsequent fraud.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
