Security News > 2024 > March > PetSmart warns of credential stuffing attacks trying to hack accounts
Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts.
In new email notifications sent to PetSmart customers first seen by DarkWebInformer, the company warns that customers are being targeted by credential stuffing attacks used to gain access to their accounts.
PetSmart reset passwords for any accounts logged in during the credential stuffing attacks to be safe as they could not determine if the logged in user was the account owner or the hackers.
Once a threat successfully breaches an account, they are used for malicious behavior, including making fraudulent purchases, sending spam, or launching other attacks.
In May 2023, an 18-year-old was charged with hacking 60,000 DraftKings betting accounts and selling them on a stolen account marketplace called the Goat Shop.
While DraftKings initially stated only $300,000 was stolen via the attacks, the Department of Justice later revealed that $600,000 was stolen from 1,600 compromised accounts.
News URL
Related news
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)