Incident: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

While not directly hacked, the unauthorised third party used a technique known as ‘credential stuffing’

Company Statement: SUSPECTED UNAUTHORISED ACCESS
Source: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

View more incidents relating to Retail sector.

Update 11 Jan 2024: Customers of The Iconic at risk of being defrauded due to lack of payment verification measures | ABC News Australia
the online retailer also confirmed that a transaction “may be made” as it does not require a customer to verify their CVC numbers.

Online retailer The Iconic has vowed to refund customers who have been left out of pocket by thousands of dollars after their accounts were compromised and fraudulent orders were made without their permission.

Many customers have been left out of pocket by thousands of dollars and have struggled to contact The Iconic and get a timely response. The Iconic confirmed affected customers would be compensated.

The Iconic’s response stated says it has not been the victim of a cyber attack, but rather a credential stuffing attack, where hackers use leaked email and password combinations from other sites. The company vows to refund affected customers.

Credential stuffing attacks are possible because many users reuse the same username/password combination across multiple sites. This type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords (often from a data breach), and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application.

As part of this investigation, we are working closely with expert cyber security partners to assess the impact of the incident. We have notified law enforcement authorities including the Police and the Australian Cyber Security Centre, as well as the Office of Australian Information Commission (OAIC). This investigation remains ongoing.

Source link

What's Hot

KMW CCTV Security Cameras | CISA

US charges Google security engineer with Polymarket insider trading

CVE-2026-10152 | THREATINT

KMW CCTV Security Cameras | CISA

CVE-2026-10152 | THREATINT

SSA-645131 V1.0: Multiple WRL File Parsing Vulnerabilities in Teamcenter Visualization

Catchy & Intriguing

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

The Essential Guide to Removing Computer Infections: Step-by-Step Remedies

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular

Catchy & Intriguing

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

The Essential Guide to Removing Computer Infections: Step-by-Step Remedies

Our Picks

KMW CCTV Security Cameras | CISA

US charges Google security engineer with Polymarket insider trading

CVE-2026-10152 | THREATINT

Subscribe to Updates

What's Hot

Incident: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

While not directly hacked, the unauthorised third party used a technique known as ‘credential stuffing’

Related

Related Posts

Subscribe to Updates