Hackers coveted a pack of Pedigrees: how the cyberattack on the PetSmart retailer ended

How do criminals profit from the love of animals and what does Credential Stuffing have to do with it?

PetSmart, the largest pet products retailer in the United States, serving more than 60 million customers and with about 1,600 stores nationwide, recently faced a targeted cyberattack.

On March 6, the PetSmart security team began sending out notifications to its customers that their accounts were the target of attacks aimed at gaining access to personal data. The attackers reportedly used the Credential Stuffing method.

As a precautionary measure, the company reset the passwords of all accounts that were used during the attacks, as it was not possible to determine whether the account owner or attackers logged in.

In their message, PetSmart representatives stressed that no signs of compromise of the petsmart[.]com website itself or any of the company's systems were found. The notification contains instructions for restoring access to accounts via the "forgot password" feature on the company's official website.

Credential Stuffing attacks are carried out by using usernames and passwords obtained from data leaks to log in to other sites. After the account is successfully hacked, attackers can make fraudulent purchases, spread spam, or launch new attacks.

Many large companies, such as PayPal, Spotify, Xfinity, and DraftKings, have previously faced similar attacks. The consequences for the latter were particularly devastating.

In May 2023, an 18-year-old hacker was accused of hacking DraftKings, a sports betting platform, and then selling the credentials of 60,000 users on the darknet. The damage to the platform was estimated at $600,000, and the hacker was sentenced to one and a half years in prison and three years of probation, and was also ordered to pay a giant fine.
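To show how a defender might spot the credential stuffing pattern described above and reproduce the kind of conservative password reset PetSmart applied, here is an added example that is not part of the original post or PetSmart's tooling. The log format, the thresholds and the function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, login_succeeded).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = [("203.0.113.7", f"user{n:02d}", n == 3) for n in range(1, 9)] + [
    ("198.51.100.20", "alice", False),   # owner mistypes once...
    ("198.51.100.20", "alice", True),    # ...then gets in
    ("198.51.100.21", "bob", True),
    ("198.51.100.30", "user05", True),   # success from a different address
]


def find_stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames and mostly fail.

    Thresholds are illustrative assumptions, not values from the article.
    """
    users = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, user, ok in events:
        users[ip].add(user)
        attempts[ip] += 1
        successes[ip] += int(ok)
    return {
        ip for ip in users
        if len(users[ip]) >= min_users
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def accounts_to_reset(events, suspicious_ips):
    """Accounts targeted by a flagged source that saw ANY successful login.

    A success from another address may be the owner or the attacker on a
    rotated IP; the logs cannot tell them apart, so both cases are reset.
    """
    targeted = {user for ip, user, _ in events if ip in suspicious_ips}
    return sorted({user for _, user, ok in events if ok and user in targeted})


if __name__ == "__main__":
    flagged = find_stuffing_sources(SAMPLE_EVENTS)
    print("flagged sources:", flagged)
    print("reset passwords for:", accounts_to_reset(SAMPLE_EVENTS, flagged))
```

Per-source counting misses attacks spread thinly across many addresses, so in practice it is paired with site-wide failure-rate monitoring and checks of submitted passwords against known breach corpora.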
 