Australia Hit by Major ‘Credential Stuffing’ Hacking Attack

Wide-scale Hacking Attack Targets Australian Consumers

Thousands of unsuspecting customers of major Australian companies spanning the fashion, fast-food, and entertainment industries have fallen victim to a widespread hacking incident. The method, known as ‘credential stuffing’, involves cybercriminals using stolen online login details to infiltrate accounts and execute unauthorized transactions.

The Discovery

The cybersecurity firm, Kasada, unmasked the issue, revealing that companies such as The Iconic, Guzman y Gomez, Dan Murphy’s, Binge, TVSN, and Event Cinemas have had customer accounts compromised. The hackers, some of whom are believed to be local Australians, acquired these login details from overseas cybercriminals and have been actively engaging in fraudulent purchases. These transactions include high-value items like iPhones and premium alcohol, with one such purchase amounting to a staggering $782 haul of alcohol from Dan Murphy’s.

The Scale of the Attack

Kasada’s tracking software indicates that over 15,000 Australian online accounts have been penetrated since late November, and the number continues to soar. The methodology of the credential stuffing scheme is particularly insidious as it targets customers who save their credit card details on company websites or have digital gift cards or store credit available for online purchases.

Countering the Threat

The Australian Cyber Security Centre has recommended that consumers fortify their online defenses by using strong, unique passwords and enabling multifactor authentication. Affected companies are taking swift action to rectify the situation, issuing refunds and reminding customers of the importance of robust password practices. Cybersecurity Minister Clare O’Neil underscored the collective responsibility for cybersecurity in Australia. Endeavour Group, owner of Dan Murphy’s, confirmed that its customers were targeted in these fraudulent activities, but assured that its internal systems remained intact.



National Cyber Security