CVE-2024-7292

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

By Waqas The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now. This is a post from HackRead.com Read the original post: Jasons Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack...

School app Seesaw compromised to send shock NSFW image

On Wednesday, parents and teachers reported that student learning platform, Seesaw, had been hacked after some users received an infamous explicit photo known as "goatse" on private chats. Schools from districts in Colorado, Illinois, Kansas, Michigan, New York, Oklahoma, South Dakota, and Texas...

The North Face hit by credential stuffing attack

The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a "large-scale" credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers?...

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

On Wednesday, Verizon’s Visible – an all-digital, uber-cheap wireless carrier – confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey ne...

Credential-Stuffing Attack Hits The North Face

The North Face has reset its customers’ passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter’s website. In a recent data-breach notification, the company told customers that it was alerted to “unusual activity involving its website,”...

HackerOne: 2020-10-09 Credential Stuffing Attack

Executive summary On October 4, 2020 and October 5, 2020, an attacker launched two credential stuffing attacks against HackerOne.com. On October 9, 2020, HackerOne’s Security team noticed the attack during their weekly audit of anomalies in their log aggregation platform, leading to the Incident...

Fill your Boots with credential stuffing protections

Yet again another company suffers a ‘hack’ that turns out to be nothing more than a credential stuffing attack. This time Boots have stopped customers using advantage card points to pay for products. This is after 600,000 Tesco accounts were compromised in the same way. No systems at Boots were...

State Farm Falls Victim to Credential-Stuffing Attack

State Farm Insurance is notifying customers that accounts have been compromised by hackers in a credential-stuffing attack. Credential-stuffing is accomplished by hackers who take advantage of users who often reuse the same passwords across multiple online accounts. The cyberattackers use stolen...

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which i...

HSBC Data Breach Hits Online Banking Customers

International banking giant HSBC has reported that it was breached in October, as a result of a credential-stuffing attack. In a notice PDF filed with the state of California, the bank said that it became aware of some online accounts being accessed by unauthorized users between October 4 and 14...