Levi’s caught with pants down: Hackers expose 72,000 customer account details


Denim clothing king Levi Strauss said some 72,000 customer accounts could be under attack from threat actors.

The retailer said in a filing with regulators that while it did not experience a network breach of its own, attackers were able to re-use passwords from other sites in order to achieve a massive theft of customer accounts.

Exposed data includes name, email, mailing address, order history, and the last four digits of the user’s payment card.

The company did not list where the breached accounts were located, though it did file required breach notifications in both California and Maine, suggesting the attack included accounts throughout the US.

“Levi Strauss & Co. recently detected suspicious activity that may have impacted your account,” the denim kingpin said in its notice to customers.

“After an investigation, we determined that unknown parties launched an automated cyberattack to attempt to access accounts.”

Such attacks are not particularly uncommon: with many people re-using credentials across services, criminals commonly purchase compromised logins en masse and then attempt to re-use those credentials on other sites.

The result is usually a fresh crop of compromised accounts that the criminals can use for further extortion or sell on to other attackers.
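Credential stuffing leaves a recognisable pattern in a site's authentication logs: one client source tries many different usernames in a short window, most attempts fail, and the few that succeed are the accounts the operator needs to lock and reset. The following detector is an added example written for this article, not Levi Strauss code; the log line format, the thresholds, the field names and the sample log (with documentation-range IP addresses) are all constructed for illustration.

```python
"""Flag credential-stuffing activity in authentication logs.

Added example for this article; not code from Levi Strauss or SC Media.
The log format ("<ISO timestamp> <client ip> <username> <SUCCESS|FAIL>"),
the thresholds and the sample log lines are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

LOG_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"  # assumed timestamp format


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one assumed-format log line into a LoginEvent."""
    ts, ip, user, result = line.split()
    return LoginEvent(datetime.strptime(ts, LOG_TIME_FORMAT), ip, user, result == "SUCCESS")


def detect_stuffing(lines, window=timedelta(minutes=5), min_attempts=5,
                    min_users=5, max_success_ratio=0.2):
    """Return {ip: summary} for every client IP whose activity inside some
    sliding window looks like stuffing: many attempts, many distinct usernames,
    and a low success ratio. The largest matching window per IP is reported."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e.ts)
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e.user for e in chunk}
            successes = sum(e.ok for e in chunk)
            matches = (len(chunk) >= min_attempts
                       and len(users) >= min_users
                       and successes / len(chunk) <= max_success_ratio)
            if matches and (ip not in flagged or len(chunk) > flagged[ip]["attempts"]):
                flagged[ip] = {
                    "attempts": len(chunk),
                    "distinct_users": len(users),
                    "successes": successes,
                    "window_start": evs[start].ts,
                }
    return flagged


def accounts_to_reset(lines, **kwargs):
    """Usernames that were successfully logged into from a flagged IP: these are
    the accounts an operator would deactivate and force through a password reset."""
    flagged = detect_stuffing(lines, **kwargs)
    return {e.user for e in map(parse_line, lines) if e.ok and e.ip in flagged}


# Constructed sample log: one source cycling through many usernames (one hit),
# one legitimate user who mistyped once, and one ordinary login.
SAMPLE_LOG = [
    "2024-06-13T10:00:00 203.0.113.7 alice FAIL",
    "2024-06-13T10:00:05 203.0.113.7 bob FAIL",
    "2024-06-13T10:00:10 203.0.113.7 carol FAIL",
    "2024-06-13T10:00:15 203.0.113.7 dave SUCCESS",
    "2024-06-13T10:00:20 203.0.113.7 erin FAIL",
    "2024-06-13T10:00:25 203.0.113.7 frank FAIL",
    "2024-06-13T10:00:30 203.0.113.7 grace FAIL",
    "2024-06-13T10:00:35 203.0.113.7 heidi FAIL",
    "2024-06-13T10:01:00 198.51.100.5 alice FAIL",
    "2024-06-13T10:01:20 198.51.100.5 alice SUCCESS",
    "2024-06-13T10:02:00 192.0.2.10 bob SUCCESS",
]

if __name__ == "__main__":
    for ip, summary in detect_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
    print("accounts to reset:", sorted(accounts_to_reset(SAMPLE_LOG)))
```

Real stuffing campaigns spread attempts across many IPs, so in practice the same per-source logic is applied per ASN, per User-Agent fingerprint, or site-wide (a sudden jump in the failure ratio across all logins is the "unusual spike" the company describes), and the reset list is taken from every successful login inside the flagged window rather than from a single address.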

“On June 13th we identified an unusual spike in activity on our website,” Levi Strauss said in its mea culpa.

“Our investigation showed characteristics associated with a ‘credential stuffing’ attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website.”

To remedy the matter, Levi Strauss has forced password resets for all of the stolen accounts, and the company is advising users to pick unique passwords this time in order to avoid further credential stuffing attacks.

“In an abundance of caution, we responded to the attack by promptly deactivating account credentials for all user accounts that were accessed during the relevant time period,” Levi’s said.

“If you logged into your account during this time, your legitimate access may have triggered a password reset.”

The company did not say whether it would provide any identity monitoring coverage, but did advise users to keep a close eye on their accounts and report any unauthorized or suspicious activity.
