Dan Murphys, Guzman Y Gomez among brands caught up in ‘credential stuffing’ scam | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The scheme targets customers who save their credit card details on company websites or who have online gift cards or store credit that can be spent on online purchases.

Receipts for purchases posted in a Telegram message group where scammers boast about hacking accounts.

Customers who use the same login details for multiple online accounts are especially vulnerable to abuse.

The Australian Cyber Security Centre defines credential stuffing as a type of hack in which cyber criminals “use previously stolen passwords from one website and try to reuse them elsewhere”.

This makes it different to the large-scale data breaches that have affected companies such as Optus and Medibank Private.

“The modus operandi of these guys is to purchase the biggest amount you can as quickly as possible before it can be noticed or stopped,” said Crowther, whose firm counts Hyatt, Sportsbet and Flybuys among its clients.

Some customers of The Iconic complained that purchases of more than $1000 had been taken from their accounts.

Crowther said Australian fraudsters have been buying hacked login details on the black market from cybercriminals in Eastern Europe, usually for around just 5 per cent of the total account value.

Cybersecurity Minister Clare O’Neil said: “Cybersecurity is a shared responsibility of us all. It is vital that Australians and Australian businesses are alert to the threat of credential stuffing.

“Consumers who are concerned about being caught in these attacks should take the usual precautions of using strong and unique passphrases for different accounts and enabling multifactor authentication where possible.”

Minister for Cyber Security Clare O’Neil in her office at Parliament House.

Minister for Cyber Security Clare O’Neil in her office at Parliament House.Credit: Alex Ellinghausen

Endeavour Group, which owns Dan Murphy’s, confirmed its customers had been the victims of credential stuffing fraud in recent weeks.

“A small number of user accounts were subject to fraudulent transactions as a result of email and passwords; these were obtained through unrelated third-party breaches and not due to our internal systems being compromised,” a spokesman said.

“Our team took immediate action and has been working with affected customers.”

Noting that the company’s investigations were ongoing, the spokesman said: “All customers are encouraged to practise good password hygiene, using a strong password and changing it periodically.”


Some of the scammers used stored PayPal accounts linked to an email and password to make the fraudulent purchases.

A TVSN spokeswoman confirmed that “a small number” of customers had been affected, and the network had contacted those who had to issue refunds for unauthorised transactions.

“In communications on this issue, TVSN has reminded its customers of the importance of ensuring that they have a strong, unique password for each different website or account that they hold,” the spokeswoman said. No TVSN customer credit card information had been accessed, she said.

A spokeswoman for Guzman y Gomez said the company does not save customer credit card details and “uses advanced monitoring for such attacks and proactively takes action to defend against cyber criminals to protect our guests, including notifying users of suspicious activity”.

A spokeswoman for Event Cinemas said the company had “not experienced recent transactions or activity inconsistent with past trends” but would follow up the issue with Kasada.

Cut through the noise of federal politics with news, views and expert analysis. Subscribers can sign up to our weekly Inside Politics newsletter.


Click Here For The Original Story From This Source.

National Cyber Security