Incident: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

While not directly hacked, the unauthorised third party used a technique known as ‘credential stuffing’

Company Statement: SUSPECTED UNAUTHORISED ACCESS
Source: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

View more incidents relating to Retail sector.

Update 11 Jan 2024: Customers of The Iconic at risk of being defrauded due to lack of payment verification measures | ABC News Australia
the online retailer also confirmed that a transaction “may be made” as it does not require a customer to verify their CVC numbers.

Online retailer The Iconic has vowed to refund customers who have been left out of pocket by thousands of dollars after their accounts were compromised and fraudulent orders were made without their permission.

Many customers have been left out of pocket by thousands of dollars and have struggled to contact The Iconic and get a timely response. The Iconic confirmed affected customers would be compensated.

The Iconic’s response stated says it has not been the victim of a cyber attack, but rather a credential stuffing attack, where hackers use leaked email and password combinations from other sites. The company vows to refund affected customers.

Credential stuffing attacks are possible because many users reuse the same username/password combination across multiple sites. This type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords (often from a data breach), and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application.

As part of this investigation, we are working closely with expert cyber security partners to assess the impact of the incident. We have notified law enforcement authorities including the Police and the Australian Cyber Security Centre, as well as the Office of Australian Information Commission (OAIC). This investigation remains ongoing.

Source link

What's Hot

Incident: Cyber attack on Victoria’s court system may have exposed recordings of sensitive cases | ABC News Australia

How Secure by Design Helps Developers Build Secure Software

CVE-2026-4300 | THREATINT

Incident: Cyber attack on Victoria’s court system may have exposed recordings of sensitive cases | ABC News Australia

CVE-2026-4300 | THREATINT

Unauthenticated access to local configuration

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Our Picks

Incident: Cyber attack on Victoria’s court system may have exposed recordings of sensitive cases | ABC News Australia

How Secure by Design Helps Developers Build Secure Software

CVE-2026-4300 | THREATINT

Subscribe to Updates

What's Hot

Incident: The Iconic promises refunds after a spate of fraudulent transactions on customer accounts | ABC News Australia

While not directly hacked, the unauthorised third party used a technique known as ‘credential stuffing’

Related

Related Posts

Subscribe to Updates