Fraudsters are warming up for the holidays, targeting household names through e-commerce site hacking and credential stuffing attacks. On November 19, 2019, news broke that Macy’s e-commerce site was infiltrated by a third party, embedding malicious code into Macy’s online checkout page.
These bad actors also placed their skimming code on the Macy’s Wallet page, used by account holders to store payment credentials. This malware collected names, full addresses, phone numbers, email addresses, payment card numbers, card security codes, and payment expiration dates belonging to shoppers who made purchases through the Macy’s website over several weeks before it was identified and removed. This type of sensitive financial information is perfect for fraudsters looking to commit credit card fraud and other forms of financial and identity crimes.
On November 16th, 2019, it was revealed that users of the brand-new Disney+ streaming service were locked out of their accounts after being hijacked by fraudsters. These cyberthieves put Disney+ members’ login credentials up for sale on the Dark Web – with usernames and passwords starting at only $3! If you use the same username and password for more than one account, hackers can easily use your login information obtained through a different data breach in credential stuffing attacks, especially on popular and in-demand sites.
Data Breach Resources for Individuals & Organizations
Whether shopping for gifts or streaming online during your down time this holiday season, be sure to practice safe online habits.
Start by updating all outdated and reused passwords to protect your accounts from account takeover. Also, be aware of sites you are visiting and keep an eye for signs the webpage is secure, such as the URL beginning with “https” rather than “http” and a padlock symbol in front of the web address.
Is your organization prepared against breaches? Do you know what to do if you experience a data security incident? Sontiq, IdentityForce’s parent company, can minimize the impact on your company and your employees with exclusive data breach solutions:
- Breach Readiness Program, helping you prepare ahead to minimize risk
- RapidResponse, ready to jump into action if you’ve already experienced a breach
Take a look at this short video to learn more:
If you think you might be exposed by a recent data breach, consider these 9 tips for data breach victims:
Additional Resources to Stay Protected While Online Shopping:
- Holiday Hacking and Online Shopping Security Risks
- Help Prevent Identity Theft & Cyber Monday Scams
- Online Shopping: Identity Theft Risks and Prevention Tips
- Protect Your Identity During Your Online Holiday Shopping
- 3 Holiday Scams on the Naughty List
- Five Tips to Ensure a Safe Holiday Shopping Season
- Holiday Shopping Tip Sheet