Klaviyo Billboard Ad

Online Shoppers Urged to Secure Credentials

Reading Time: 2 mins
By Published On: January 19, 20241 Comment

Cyber fraud cases have been rife in recent weeks with retailers being targeted by credential stuffing hackers.

Following last week’s news of “credential stuffing” fraud at The Iconic, news has emerged that a number of other retailers have been affected by the cyber attackers. 

Scammers, thought to be based in Australia have gained access to hundreds of Australian shoppers card details through attaining their email addresses and passwords from third party breaches and then spending thousands on luxury goods in a major case of cyber fraud. 

The method known as credentials stuffing is a type of cyber attack where hackers use stolen usernames or email addresses and passwords to gain unauthorised access to other online accounts. Hackers can obtain the credentials through a third-party such as purchasing data obtained from previous hacks and data breaches and then use bots to automate the process of trying the credentials on hundreds of other sites quickly and efficiently – effectively “stuffing” the credentials. As many internet users reuse passwords or variations of them, this process often results in the hackers easily gaining access to personal information. In this case, the cyber attackers have placed unauthorised orders of luxury goods and gift cards on customer accounts through a variety of retailers.

Cyber security company Kasada exposed the hackers had breached Dan Murphys, Guzman Y Gomez, Binge, Event Cinemas, and TVSN on top of The Iconic in recent weeks. 

This week, Endeavour Group, the parent company of liquor chain Dan Murphy’s, confirmed that its customers had been the victims of credential stuffing fraud. A spokesperson iterated that third party breaches were the cause of the fraud.

“A small number of user accounts were subject to fraudulent transactions as a result of email and passwords; these were obtained through unrelated third-party breaches and not due to our internal systems being compromised,” a spokesman said. “Our team took immediate action and has been working with affected customers.”

With the rise in this behaviour online, it is imperative to check your accounts, update your passwords, avoid using the same one across multiple accounts, and activate two-factor authentication when available. 

About the Author: Rosalea Catterson

Rosalea is the Editor of Power Retail. With a keen interest in consumer behaviour and tech, she covers everything ecommerce and hosts the Power Retail Power Talks Podcast.

Share this story!

One Comment

  1. Zert February 13, 2024 at 9:55 PM - Reply

    The recent surge in cyber fraud, particularly credential stuffing attacks on retailers, highlights the critical need for enhanced security in financial transactions. This is where Crypto Platform Zert becomes invaluable. By prioritizing advanced security measures, Zert safeguards users against such cyber threats. Its robust infrastructure is designed to protect against the vulnerabilities exposed in these attacks, such as password reuse and weak authentication methods. Utilizing Zert for financial dealings, especially in the volatile realm of cryptocurrency, ensures not only secure transactions but also peace of mind, underscoring the importance of choosing platforms that prioritize your digital safety.

Leave A Comment

Klaviyo Half Page Ad
Klaviyo Medium Rectangle Ad
Klaviyo Billboard Ad