CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

ShinyHunters claims Zara data breach via compromised Anodot token impacting 197,400 customers

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A data breach at Spanish retailer Zara exposed personal information for 197,400 customers after attackers gained access to databases hosted by a former technology provider. The compromised data includes unique email addresses, geographic locations, product SKUs, order IDs, and support tickets. While Inditex stated no names, phone numbers, addresses, credentials, or payment data were exposed, the incident stems from a security failure at a third-party provider. ShinyHunters has claimed responsibility, releasing a 140GB archive allegedly containing stolen BigQuery documents accessed via compromised Anodot authentication tokens. The gang previously exploited similar vectors in other high-profile breaches.

Timeline

  1. 08.05.2026 13:42 1 articles · 15h ago

    ShinyHunters claims Zara breach via Anodot token compromise; 197,400 customers affected

    ShinyHunters publicly claimed responsibility for a data breach at Zara, alleging they accessed compromised BigQuery instances through stolen Anodot authentication tokens tied to a former technology provider. Independent analysis confirmed 197,400 unique email addresses were exposed, along with order IDs, product SKUs, and geographic data. Inditex stated no sensitive identity or financial data was compromised, though the incident underscores risks arising from third-party provider security failures and the exploitation of authentication tokens across SaaS platforms.

    Show sources
    Open in new tab

Information Snippets

  • ShinyHunters claims responsibility for the Zara data breach, asserting they stole data from compromised BigQuery instances using stolen Anodot authentication tokens.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources

  • Have I Been Pwned analysis confirms the breach impacted 197,400 unique email addresses and includes associated purchase data, order IDs, and support ticket origins.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources

  • Inditex stated that customer names, addresses, phone numbers, credentials, and payment information were not exposed in the incident.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources

  • The compromised databases were hosted by a former technology provider, not Zara’s internal systems, and affected multiple companies internationally.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources

  • ShinyHunters previously linked Anodot token theft to a series of breaches, including attacks on Salesforce instances using AI-based detection evasion techniques.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources

  • The group has been active in recent months, claiming breaches against Google, Cisco, PornHub, Rockstar Games, ADT, and others, as well as defacing Canvas portals for 330 universities after exploiting a separate vulnerability.

    First reported: 08.05.2026 13:42
    1 source, 1 article
    Show sources