1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • PetSmart warns users to beware of potential cyber scams

    From TechnologyDaily@1337:1/100 to All on Thu Mar 7 16:00:06 2024
    PetSmart warns users to beware of potential cyber scams

    Date:
    Thu, 07 Mar 2024 15:58:50 +0000

    Description:
    Hackers found stuffing PetSmart accounts with credentials, trying to break inside.

    FULL STORY ======================================================================

    PetSmart was forced to log people out of their accounts and reset their passwords due to an ongoing credential stuffing attack.

    The American pet retail giant sent out a security notification to its users telling them that an unidentified threat actor tried to log into peoples accounts via credential stuffing - an automated attack in which the hacker tries infinite username/password combinations until they break into an account.

    "We want to assure you that there is no indication that petsmart.com or any
    of our systems have been compromised," the breach notification said. Using accounts for spam

    With credential stuffing attacks, its virtually impossible to differentiate between regular traffic (i.e. actual user logging into their account) and malicious traffic, which is why PetSmart decided to simply push everyone out and force a password reset, just to be on the safe side.

    "Instead, our security tools saw an increase in password guessing attacks on petsmart.com, and during this time your account was logged into. While the
    log in may have been valid, we wanted you to know, they added. "In an abundance of caution to protect you and your account, we have inactivated
    your password petsmart.com. The next time you visit petsmart.com, simply
    click the "forgot password" link to reset your password."

    Credential stuffing attacks often work for two reasons: first, people frequently use weak and easy-to-guess passwords, which automated tools can easily crack; and second, some services grant their users unlimited attempts at logging in, which is ideal for hackers with automation tools. Having
    access to different accounts might sound pointless, but hackers have ways of making use of them. For example, they can use the accounts to spread spam, or malware, to other users who would not expect an attack from a familiar face.

    PetSmart is considered one of the biggest retailers for pet products in the US, with more than 60 million customers.

    Via BleepingComputer More from TechRadar Pro This new Linux malware floods machines with cryptominers and DDoS bots Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/petsmart-warns-users-to-beware-of-poten tial-cyber-scams


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)