Network Security

Credential stuffing attacks reported by PetSmart

Cry havoc! And let loose the dogs of crypto! New CrowdStrike research details a cryptojacking campaign (called “Kiss-a-Dog”) targeting Docker and Kubernetes cloud servers around the world. (Image credit: Melissaperryphtography via Getty).

Major U.S. pet-oriented superstore chain PetSmart had its customers' online accounts subjected to credential stuffing attacks, which have prompted the company to implement a password reset for all accounts logged in during the intrusions, BleepingComputer reports.

Despite a spike in password guessing attacks against PetSmart's website, there has been no evidence suggesting the compromise of the company's website and servers, according to PetSmart. "In an abundance of caution to protect you and your account, we have inactivated your password The next time you visit, simply click the "forgot password" link to reset your password," said PetSmart in an email alert sent to customers initially discovered by DarkWebInformer. Such an incident comes amid the growing prevalence of credential stuffing attacks during the past few years, with fast food chain Chick-fil-A, sports betting sites FanDuel and DraftKings, financial tech firm PayPal, telecommunications company Comcast Xfinity, and audio streaming app Spotify among the most notable victims.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.