Security News > 2020 > October > Sam's Club customer accounts hacked in credential stuffing attacks
Over the past two weeks, Sam's Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks.
In emails sent out to Sam's Club members, and seen by BleepingComputer, the company is alerting members that an unauthorized party may have gained access to their accounts.
Credential stuffing attacks involve the attackers trying previously leaked username-password combinations against another website in an automated fashion, in an attempt to find accounts that share the same credentials.
"We recently learned that, in mid-September, an unauthorized party used your login credentials to access your Sam's Club account. Based on our investigation, the credentials used did not come from Sam's Club," read the security notification.
More companies should follow Sam's Club's lead in proactively monitoring customer accounts and resetting passwords.