Kalila Sangster reports: Tesco (TSCO.L) is issuing new cards to 600,000 Clubcard account holders after discovering a security breach. The supermarket said some customers may have fallen victim to online fraud after a database of stolen usernames and passwords from other platforms had been tried out on its website. The use of the stolen data…
Search Results for: credential stuffing
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Sergiu Gatlan reports: Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and…
DailyMotion discloses credential stuffing attack
Catalin Cimpanu reports: Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned. […] According to an email sent out to impacted customers, and seen by ZDNet, the credential stuffing started last weekend, on January 19, and appears to have been successful in some cases,…
Eyeware retailer Warby Parker forces password reset; notifies 198,000 customers of credential stuffing attack
Sam Woods reports: Eyewear retailer Warby Parker announced Thursday that it had suffered a cybersecurity breach that may have affected up to 198,000 customers.Hackers accessed customer usernames and passwords from unrelated cyber break-ins at other companies, according to a Warby Parker news release. The hackers then used that information to try to gain unauthorized access to client…
The 111 Million Record Pemiblanc Credential Stuffing List
Troy Hunt reports: ……. I’ve just loaded 111 million email addresses found in a credential stuffing list called “Pemiblanc” into HIBP. I had multiple different supporters of HIBP direct me to this collection of data which resided on a web server in France and looked like this: That site has now been taken down…
Humana notifies members after credential stuffing attack on Humana.com and Go365.com
Health insurer Humana recently began notifying an unspecified number of health plan members after detecting and blocking a credential stuffing attack against Humana.com and Go365.com. The attacks took place on June 3 and June 4 from overseas IP addresses. In a notification letter dated June 21, Jim Theiss, Humana’s Chief Privacy Officer, writes: On June 3,…