
J.Crew has informed customers that their accounts and personal information may have been compromised by an unauthorized third party, in what appears to be a credential stuffing attack.

The popular US clothing retailer claimed the hacker obtained customer usernames and logins and used them to access the accounts in around April 2019.

“The information that would have been accessible in your jcrew.com account includes the last four digits of credit card numbers you have stored in your account, the expiration dates, card types, and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders,” the notice read.

“We do not have reason to believe that the unauthorized party gained access to any additional information within your account.”

Still, these details would be enough to craft highly convincing phishing emails designed to elicit further information from customers, with the aim of full-scale identity fraud.

The firm has reset passwords for the affected accounts and urged customers to change the credential if they use it across any other sites.

However, the notice raises one important question: if the incident was detected “through routine and proactive web scanning” by J.Crew, why did it take almost a year to alert customers?

Red Canary co-founder Chris Rothe argued that this “scanning” may refer to the firm’s dark web searches for customer data, which may not have turned up the stolen data for months.

“This is an interesting aspect of breaches that I don’t think most people realize. The time from when a breach is discovered to when it is disclosed can be a long time depending on how difficult the investigation is, how sensitive the data is, etc,” he said.

“As a J.Crew consumer I may have an expectation that if someone compromises my account, the company will tell me immediately. The reality is it could take a very long time especially for organizations with weak detection and response capabilities.”

Retail is one of the most frequently targeted sectors for credential stuffing attacks. Akamai detected nearly 28 billion attempts on retail customer accounts in an eight-month period in 2018.
