About 15,000 people have had their card information compromised after a new scam targeted some of Australia’s biggest brands (including The Iconic) and hacked their customer information. And the list of affected people is growing rapidly.
The Iconic, Binge, Dan Murphy’s, Guzman y Gomez and TVSN were all impacted by the credential stuffing scam (which is a type of scam that involves using previously stolen passwords to access the users’ other accounts on different websites).
“They are going after people who have saved their credit card or gift card details on these company’s websites, with customers who use the same log-in details for multiple sites especially vulnerable to attack,” 7NEWS reporter Rob Scott told Sunrise.
“Scammers are boasting about buying clothes, iPhones, and hundreds of dollars’ worth of alcohol with these stolen credit card information in online chat rooms,” he said.
Binge said in a statement that its customers “remain unaffected by credit card scams including the one reported by Kasada and no credit card details have been compromised” because its customers’ credit card details are “managed off-platform.”
The news comes just a week after The Iconic was the target of cyber hacks last week which saw scammers make thousands of dollars worth of fraudulent purchases on users’ accounts. It claimed its own systems weren’t hacked — which would be consistent with credential stuffing, since that only requires getting into the user’s account and finding an already-saved card.
“We are aware that there have been unauthorised access to a number of customer accounts, although this is not a breach of any of The Iconic’s internal systems,” The Iconic posted Facebook last week.
“Please know this is an ongoing investigation, we will continue to provide updates to any impacted customers to ensure they are kept informed.”
In another case last year, an Aussie woman was a victim of the Medibank data breach and had her PayPal account accessed by fraudsters. She was told she owed Adidas and NBA almost $2 million via a legal notice in her email, after hackers allegedly used her identity to make heaps of fraudulent transactions.
The whole thing is pretty scary, and an urgent reminder not to use the same password for multiple accounts (or to save your card details in your online shopping accounts, for that matter).
If you need me, I’ll be finally sorting through my iPhone’s persistent reminders to change all my compromised passwords.
Image: oatawa / iStock
