PetSmart Hit With A Credential Stuffing Attack

PetSmart is warning customers their passwords were reset due to an ongoing credential stuffing attack.

DarkWebInformer was the first to post the company’s notice to customers on “X” (formerly Twitter), in which the company confirmed that the customer’s account was logged in to during a period of increased “password guessing attacks”.

As a precaution, PetSmart reset the passwords of all accounts that had been logged in to during the credential stuffing attack, and those users must now reset their passwords.

As the largest pet-focused retailer in the US, PetSmart has over 60 million customers and 1,600 stores nationwide. PetSmart did not say how many customers were affected.

“We want to assure you that there is no indication that petsmart.com or any of our systems have been compromised,” the PetSmart alert said.

“In an abundance of caution to protect you and your account, we have inactivated your password petsmart.com. The next time you visit petsmart.com, simply click the “forgot password” link to reset your password.”

Ted Miracco, CEO, VP, Approov, had this to say:

   “PetSmart’s reliance on password resets alone is necessary, but entirely insufficient in addressing the complexities of modern cyber threats like credential stuffing. Securing APIs requires more than just credentials and MFA; it demands a comprehensive security strategy that encompasses multiple layers of protection.

   “The adoption of advanced security measures like token-based systems is often perceived as the domain of banks, cryptocurrency platforms, and other high-security sectors. However, the reality is that any business handling personal information – be it an eCommerce platform, a healthcare provider, or, indeed, a pet retailer – must prioritize these enhanced security measures.”

This hopefully will spur PetSmart to do better when it comes to security. Because getting pwned is never good for business.
