Luxottica, a well-known eyewear supplier that owns big names such as Ray-Ban, Oakley and Chanel, has recently faced major information security threats. The profiles of more than 70 million of the company’s users, including sensitive information such as names and birthdays, were accidentally exposed on hacker websites. Luxottica said that the incident was not a hack of the company’s own systems but an attack on a foreign company it works with, which resulted in the leak of customer information.
According to D3Lab security researcher Andrea Draghetti, Luxottica’s customer profiles were published for free on multiple hacking forums between April 30 and May 12. Some of the data obtained by the researchers dated back to March 2021 and included birthdays, names, addresses, phone numbers and more, showing that the data was not only leaked before 2020 but also contains newer leaks.
Luxottica explained that the source of this data breach was the hacking of a foreign business partner that handled data in 2021, and stressed that the incident had nothing to do with the company’s own systems. The company further stated that it was aware of the incident in November 2021, noting that the websites that had made user information public had been shut down by law enforcement.
In addition, Troy Hunt, founder of HaveIBeenPwned (HIBP), analyzed the incident and found that 74% of the more than 77 million public profiles had already been recorded on the HIBP platform. Hunt said that he will notify 320,000 of these subscribers. If a U.S. user’s Gmail mailbox was compromised in this incident and the user had previously enabled Google notifications, they would also receive notifications from the Gmail system.