Npower
February 26, 2021
•[ hack, brute-force, energy ]
British energy provider Npower suffers a credential stuffing attack, forcing the company to shut down its mobile app.
Department of Workforce Development in Wisconsin
October 28, 2020
•[ hack, brute-force, government ]
The Wisconsin Department of Workforce Development says that hackers were able to access 116 active unemployment accounts in a credential stuffing attack and divert unemployment insurance payments.
The North Face
October 8, 2020
•[ hack, brute-force, retail ]
The North Face was the victim of a credential stuffing attack in October.
California Employment Development Department
September 10, 2020
•[ financial, hack, brute-force ]
The California Employment Development Department reveals that cyber criminals have been collecting credentials from breaches worldwide to fraudulently collect California unemployment benefits.
GCKey
August 17, 2020
•[ hack, brute-force, government ]
According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked. The hackers targeted GCKey, a service that is used by some 30 federal departments, with credential stuffing.
Instacart
July 23, 2020
•[ leak, brute-force, retail ]
Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web.
Tokopedia
May 3, 2020
•[ hack, brute-force, retail ]
A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.
Boots
March 4, 2020
•[ hack, brute-force, retail ]
Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
Tesco
March 2, 2020
•[ hack, brute-force, retail ]
Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
Australian PayID users
August 26, 2019
•[ hack, brute-force, finance ]
Tens of thousands of Australians have had their personal banking information hacked by fraudsters, after fraudulent accounts worked to generate a series of random numbers and retrieve the victims' PayID details.
Transport for London (TfL)
August 8, 2019
•[ hack, brute-force, government ]
Transport for London (TfL) is forced to temporarily suspend the website for its Oyster system after an apparent credential stuffing attack on customers.
State Farm
August 7, 2019
•[ hack, brute-force, finance ]
US banking and insurance giant State Farm says it suffered a credential stuffing attack in July, during which "a bad actor" was able to confirm valid usernames and passwords for State Farm online accounts.
DNForum
July 26, 2019
•[ hack, brute-force, technology ]
DNForum.com sends out password reset requests to its users after attempts to access the accounts.
Edgepark Medical Supplies
July 18, 2019
•[ hack, brute-force, manufacturing ]
Edgepark Medical Supplies notifies 6,572 patients after a "password spray attack" occurred in May 2019.
King's College London
April 9, 2019
•[ hack, brute-force, education ]
King's College London warns staff and students that some accounts have been "compromised" due to an apparent brute-force attack on password systems.
Citrix
March 6, 2019
•[ hack, brute-force, technology ]
FBI informs Citrix of a data breach that appears to have begun with a 'password spraying' attack aimed to steal weak credentials to access the company's network.
Dunkin' Donuts
February 12, 2019
•[ hack, brute-force, retail ]
Dunkin' Donuts announces that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.
OkCupid
February 12, 2019
•[ hack, brute-force, technology ]
Users of the OkCupid dating app are the victims of a credential stuffing attack.
Basecamp
January 29, 2019
•[ hack, brute-force, technology ]
Basecamp suffers an hour-long credential stuffing attack targeting its platform.
DailyMotion
January 25, 2019
•[ hack, brute-force, technology ]
Video sharing platform DailyMotion announces that it was the victim of a credential stuffing attack.
