Earlier this month, Krebs on Security first reported that one of the largest retailers of beauty products 'Sally Beauty' had been hacked. At the time, the Sally Beauty said there is no card data involved in the breach.
Today, the company confirmed that its network has been breached and fewer than 25,000 credits cards data may have been compromised by attackers.
“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation." Sally Beauty said.
"As a result, we will not speculate as to the scope or nature of the data security incident." the company added.
The company said they will continue to work with Verizon and US secret services on this investigation. The company is taking necessary actions and precautions.
In the meantime, an unknown hacker defaced a website selling the stolen credit card data and send a message to the admin of the site as well as to Brian Krebs.
" Hi subhumans and miscreants, your fraud site is gone now. Go away.
Also, Krebs, please dont call me a punk on Twatter: im trying to be a good person :(" The defacement page reads.
"To all the people who used this service to blackmail and threaten and "dox" people's families: fuck you especially. To the "regular" fraudsters: fuck you too but slightly less. To Cloudflare: why in a billion 6000-degree hells is your NS TTL 80000?"