![\"Credential](\"http:\/\/www.tomgrimshaw.com\/tomsblog\/wp-content\/uploads\/2024\/02\/Credential_Stuffing-300x162.jpg\")
<\/p>\n<\/p>\n
Cyber security company, Kasada, has been investigating cyber attacks and found a number of well-known retailers might have been compromised, according to the\u00a0Sydney Morning Herald<\/a>.<\/p>\n In their analysis, Kasada alleges some customers of Guzman y Gomez, Dan Murphy\u2019s, Binge, TVSN and Event Cinemas have had their online accounts compromised.<\/p>\n This comes just a week after the news that online retailer,\u00a0The Iconic had been breached<\/a>, causing some customers to lose thousands of dollars and have their user details breached.<\/p>\n In these attacks, cyber criminals are using a scam called \u201ccredential stuffing\u201d to gain access to an individual\u2019s online account and make fraudulent transactions.<\/p>\n As a small business, if you trade online using an eCommerce store or you purchase online \u2014 here\u2019s what you need to know.<\/p>\n<\/div>\n<\/div>\n Credential stuffing\u00a0<\/b>is a type of cyber attack that targets people who have previously had their usernames, emails or passwords stolen in a data breach. They are then more vulnerable to a second, more dangerous attack where cyber criminals reuse the email and password combinations to get access to more of your accounts, and more of your personal data.<\/p>\n It might help to think of credential stuffing like a cyber criminal game of bingo. Hackers will take your previously stolen passwords and try to crack your other accounts using the same details. This is why people who reuse the same passwords when shopping online are more at-risk of an attack.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n When cyber criminals successfully use credential stuffing to guess your password on a online shopping account then they have the ability to place orders, and charge them back to your previously used credit card!<\/p>\n Kasada, who has been analysing the attacks, says that 15,000 Australian accounts have been hacked in the past three months, as at January 2023, with that number growing daily.<\/p>\n People who use the same passwords across many accounts are most vulnerable to a credential stuffing cyber attack, especially if they have previously had their usernames stolen in an unrelated data breach.<\/p>\n If you are unsure if you have previously had your data leaked online you can check by visiting the website \u2018Have I been pwnd<\/a>\u2019\u00a0<\/b>which checks your email against known data leaks. If the email you usually shop with is in on this list it means\u00a0 you can be targeted with a credential stuffing attack.<\/p>\n Because credential stuffing cyber attacks impersonate legitimate shoppers using real passwords and real usernames, it makes it very difficult for online businesses to identify the scam.<\/p>\n While many companies are still learning or investigating the attacks, we encourage you to review your bank statements and look out for any suspicious transactions.<\/p>\n If you think you have been hacked, you can\u00a0make a report to the ACSC.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n\n\n\n\n\nWhat is credential stuffing?<\/h3>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n
\n\n\n\n\n\n\n\n\n\nWhat are credential stuffing shopping scams?<\/h3>\n<\/div>\n<\/div>\n
\n\n\n\nHow do I know if my details have been hacked?<\/h3>\n<\/div>\n<\/div>\n
\n\n