The Iconic has faced a digital hack despite no data breach on its end, with customers' credentials compromised through credential stuffing.
Customers of popular online fashion retailer The Iconic have been subject to a digital attack, with a wave of scammers compromising customer accounts and making fraudulent orders.
Customers took to social media to express their concern over transactions and login attempts that they did not make, with some customers claiming hundreds of dollars lost.
The Iconic issued a statement earlier this week claiming that the incidents were not a result of a data breach on the retailer’s side, but of compromised credentials.
“We have recently seen an increase in fraudulent account login attempts on The Iconic, which our Security and Fraud teams continue to actively manage, in conjunction with our security partners,” a spokesperson for The Iconic stated. “We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic.”
“The unauthorised third party used login credentials sourced through data breaches on other compromised website/s that are unrelated to The Iconic,” the statement reads.
It claims the unauthorised third party used a technique known as ‘credential stuffing’, in which login credentials (email address and password combinations) are obtained by an unauthorised third party from compromised websites, through phishing, malicious software or from databases available on the dark web. These unauthorised third parties know that customers often reuse the same login credentials across multiple websites or platforms.
The retailer has promised to refund affected customers and cancel fraudulent orders. “The security of our customer data is of the utmost importance to us and we continue to work with our third party security partners to protect against all fraudulent activity,” stated The Iconic.
Customers are advised to update their passwords and report any suspicious account activity.