Login

Register

Login

Register

Wiggle Data Breach – Accounts ‘Fraudulently Accessed’ | #Databreach | Pentest | #cybersecurity | #informationsecurity

[ad_1]

Wiggle customers are reporting purchases made using their card details, amid what appears to be a data breach.

Updated 20:30 16th June

We’ve received the following statement from Wiggle:

Ross Clemmow, CEO at Wiggle: “Data security is of the utmost importance to us. We’ve investigated the isolated incidents where accounts have been accessed, and we understand a small number of customers’ login details have been acquired outside of Wiggle’s systems and some have been used to gain access to Wiggle accounts and purchases made. We have taken steps to identify these compromised accounts and we will be individually contacting these customers. All impacted customers will be refunded. To protect our customers, all accounts will require the re-entry of card details for the next purchase. We are aware that where customers utilise the same password across multiple websites, fraudsters with access to some details can feasibly use these to try and gain access to genuine customer accounts. We recommend our customers change their password if they have any concerns. We would like to assure our customers we’re prioritising all enquiries related to this issue.”

We’ve been advised that Wiggle will require all customers to re-enter their payment details next time they log in, in order to help prevent further fraudulent purchases being made. It seems that that problem occurs where users have the same email and password associated with more than one site. While it’s not Wiggle’s systems that have been hacked, we don’t know where the source data has come from that has allowed fraudsters to access these Wiggle accounts.

You’re advised to change your password – particularly if you used it on multiple accounts. Since Wiggle has now removed payment details from accounts, changing your password should protect your account in future. Also, check your Wiggle transactions and if you see anything that wasn’t you, get in touch with Customer Services, who are issuing refunds as a priority.

Of course, none of us would ever do anything as conveniently stupid as use the same password in multiple places, now, would we…?

Original Article Below

Customers used social media to report instances of products that they had not ordered being bought on their cards:

A statement on Wiggle’s website (and you’d probably only find it if you were really looking for it) states:

Update on recent incidents

We have investigated isolated incidents where accounts have been fraudulently accessed.

We understand a small number of customers’ login details have been acquired outside of Wiggle’s systems and some have been used to gain access to Wiggle accounts and purchases made.

We have taken steps to identify these compromised accounts and we are individually contacting these customers.

All impacted customers will be refunded.

We are aware that where customers utilise the same password across multiple websites, fraudsters with access to some details can feasibly use these to try and gain access to genuine customer accounts.

We recommend our customers change their password if they have any concerns. We would like to assure our customers we are prioritising all enquiries related to this issue.

We would like to remind customers that data security is of the utmost importance to us.

Wiggle data breach hack fraudulent

The wording ‘details have been acquired outside of Wiggle’s systems’ suggests that possibly the data breach has come through a third party rather than their internal systems. However, social media responses suggest they’re still figuring out exactly what has happened and the extent of the breach.

Until further information is released, it might be wise to change your account details on Wiggle, and keep a close eye on any transactions on cards you’ve used there. So far as we can see, the reports are limited to Wiggle accounts only, with no reports of similar issues with sibling site Chain Reaction.

Let’s keep in touch

By ticking the box below we can send you our weekly story digests featuring editorials from Chipps and even the chance to be one of Charlie’s merch winners.


Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

.  .  .  .  .  .  . .  .  .  .  .  .  .  .  .  .   .   .   .    .    .   .   .   .   .   .  .   .   .   .  .  .   .  .



[ad_2]

Source link
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW