Security News > 2020 > October > Sam's Club customer accounts hacked in credential stuffing attacks
Over the past two weeks, Sam's Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks.
In emails sent out to Sam's Club members, and seen by BleepingComputer, the company is alerting members that an unauthorized party may have gained access to their accounts.
Credential stuffing attacks involve the attackers trying previously leaked username-password combinations against another website in an automated fashion, in an attempt to find accounts that share the same credentials.
"We recently learned that, in mid-September, an unauthorized party used your login credentials to access your Sam's Club account. Based on our investigation, the credentials used did not come from Sam's Club," read the security notification.
More companies should follow Sam's Club's lead in proactively monitoring customer accounts and resetting passwords.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- ADT discloses second breach in 2 months, hacked via stolen credentials (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)