Friday, January 22, 23:47

Sam's Club: Credential stuffing behind account breach?


In the last two weeks, Sam's Club has been sending security alerts and password-reset emails to the customers most likely affected by credential stuffing attacks. Sam's Club is an American company owned by Walmart and has been operating since 1983.

Possible credential stuffing attacks

The messages that Sam's Club has sent to its members (and which BleepingComputer has seen) state that unauthorized users may have gained access to the members' accounts.

The company discovered the unauthorized access in September. According to Sam's Club, the attackers already had the users' credentials, through credential stuffing, data breaches or phishing attacks.

In credential stuffing attacks, attackers try out username and password combinations that have been leaked online from other companies. Using the exposed credentials, the attackers can access a Sam's Club member's account if that member uses the same password on other sites.

This is why security professionals emphasize the importance of using different credentials on different sites and applications. Using the same credentials on all accounts is dangerous, because if one site is compromised and its credentials are leaked, the user's other accounts can be compromised as well. Criminals test the exposed credentials in other applications and may gain access (credential stuffing).

"We recently learned that in mid-September, an unauthorized party used your login credentials (email address and password) to access your Sam's Club account. Based on our investigation, the credentials used were not a breach of Sam's Club," said the security notice sent to members.

"Instead, your credentials may have been obtained from another source, for example, from another company's site, where you may have used the same or similar login information," the notice continued.

Sam's Club spokeswoman Meggan Kring told BleepingComputer:

"Protecting the privacy of our members is something we take very seriously and constantly monitor for suspicious activity. As part of this effort, we recently found that unauthorized users were linked to specific member accounts."

Credential stuffing

The spokeswoman said that the unauthorized access did not result from a breach of the company's systems. The attackers most likely already had the credentials from phishing attacks, data-stealing malware or breaches of other companies.

"We have reset the passwords for these accounts and are taking additional steps to protect them from fraudulent activity."

Automatic password reset

All affected Sam's Club members have received security alerts for automatic password reset on suspicion of unauthorized access to the account.

One of the emails sent by the company said:

"Our tracking shows that someone may be trying to take advantage of your account. As a precaution, we reset your password at SamsClub.com. We apologize for any inconvenience this may cause, but we focus on both your protection and your account."

This precautionary monitoring of customer accounts, combined with a prompt password reset, is very important. Other companies should follow the example of Sam's Club.
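The kind of monitoring described above can be sketched as detection logic over login events. This is an added example, not Sam's Club's method or code from the original article; the event format, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", True),    # reused password worked
    ("203.0.113.7", "dave@example.com", False),
    ("203.0.113.7", "erin@example.com", False),
    ("198.51.100.4", "frank@example.com", False),  # ordinary typo, then success
    ("198.51.100.4", "frank@example.com", True),
    ("192.0.2.10", "grace@example.com", True),
]

def accounts_to_reset(events, min_accounts=5, min_failure_ratio=0.6):
    """Return (suspicious_sources, accounts_needing_reset).

    A source is suspicious when it tried at least `min_accounts` distinct
    usernames and at least `min_failure_ratio` of its attempts failed: the
    pattern left by leaked username/password pairs being replayed. Both
    thresholds are assumptions and must be tuned on real traffic.
    """
    attempts = defaultdict(int)
    failures = defaultdict(int)
    users = defaultdict(set)
    successes = defaultdict(set)
    for ip, user, ok in events:
        attempts[ip] += 1
        users[ip].add(user)
        if ok:
            successes[ip].add(user)
        else:
            failures[ip] += 1

    suspicious = {
        ip for ip in attempts
        if len(users[ip]) >= min_accounts
        and failures[ip] / attempts[ip] >= min_failure_ratio
    }
    # Accounts a suspicious source actually logged in to: reset and notify.
    compromised = set()
    for ip in suspicious:
        compromised |= successes[ip]
    return sorted(suspicious), sorted(compromised)

if __name__ == "__main__":
    print(accounts_to_reset(SAMPLE_EVENTS))
```

Grouping by source address is the narrowest useful case: attempts spread across many addresses need additional grouping keys (for example device fingerprint or network range), which this sketch does not cover.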

Digital Fortress, https://www.secnews.gr
