Neiman Marcus, Luxury Retailer, Encounters Hack into Customers’ Online Accounts
In the last week of January 2016, luxury retailer Neiman Marcus Group informed a few of its customers that cyber-criminals had gained unauthorized access to their online accounts.
The retailer said the incident occurred on or around 26th December 2015, when attackers ran automated attacks that tried different combinations of login credentials and passwords in an effort to reach customers' online accounts created on the websites of CUSP, Horchow, Last Call, and Bergdorf Goodman, along with Neiman Marcus.
In a letter dated January 29, 2016, that the retailer sent to customers, it said that beginning December 26, 2015, the company's system administrators observed a cyber-attack targeting several websites that Neiman Marcus uses to sell its goods over the Internet. The attacks were not destructive as such; rather, they were a series of automated login attempts, carried out one after another, that tried to guess combinations of active usernames and passwords.
According to Neiman Marcus, all but one percent of the attacks were repelled, but that 1%, which managed to get through, allowed the attackers to correctly guess more than 5,200 username and password combinations and to gain access to the profiles of users on the above-mentioned sites.
Evidently, according to the retailer, the hackers carried out fraudulent transactions through seventy of these user accounts; however, Neiman's IT staff worked quickly to spot the intrusions and then returned the lost money to all affected customers. Softpedia posted this on February 2, 2016.
Moreover, in a data breach notice the company submitted to the Attorney General's Office in California, Neiman stated that it had conducted a comprehensive response and investigation to understand the extent of the incident's impact. Interestingly, Neiman's security staff believe the hackers used username-password combinations obtained from other data breaches and found those that were also active on Neiman's online sites, being well aware that people frequently reuse the same usernames and passwords across multiple sites.
Neiman Marcus now wants affected customers to reset their passwords before logging in again. In the meantime, they should also keep a watchful eye out for suspicious activity on their credit reports and other financial accounts.
» SPAMfighter News - 11-02-2016