Levi’s Online Store Security Incident: Personal Information and Payment Details Potentially Compromised
Levi’s Online Store Hit by Credential-Stuffing Attack, 72,000 Accounts Affected
Levi’s, the iconic denim jeans maker, recently disclosed that its online store was targeted in a cyberattack that compromised the personal information of over 72,000 accounts. The security incident, identified on July 13th, involved an automated credential-stuffing attack that may have exposed order history, names, emails, and stored addresses of affected customers.
Additionally, partial payment details such as the last four digits of card numbers, card types, and expiration dates were potentially viewed by the threat actor, especially for customers who had saved payment methods on the platform. Despite this breach, Levi Strauss assured customers that no fraudulent purchases were made using the compromised information, as its systems require secondary authentication for payment methods.
The company attributed the incident to an automated credential-stuffing attack, a common tactic in which cybercriminals use credentials stolen from one platform to gain unauthorized access to accounts on another platform. In response, Levi Strauss forced a password reset for all affected accounts and urged customers to create strong and unique passwords to enhance security.
This breach comes amidst a wave of cyberattacks targeting online platforms, with streaming service Roku also recently falling victim to a credential-stuffing attack affecting 576,000 accounts. As cybersecurity threats continue to evolve, it is crucial for users to remain vigilant and take proactive measures to safeguard their online accounts.