Macy’s Website Hacked To Gain Customer Credit Card Information

After Adidas, Macy’s has become the next retailer to suffer a major data breach. Company officials have confirmed a breach of customers’ data after the Macy’s website was hacked. Unknown hackers accessed the system to pilfer customers’ data, including personal information and credit card details.

Macy’s Website Hacked, Exposing Customers’ Information To Hackers

According to emails sent by Macy’s to its customers, the company suffered a data breach after the Macy’s website was hacked, exposing customers’ sensitive data. The unknown hackers accessed the site’s online customer accounts for six weeks to steal sensitive information, including credit card details. Macy’s detected the breach after noticing suspicious login activity on its websites, macys.com and bloomingdales.com.

As stated in their letter,

“Based on our investigation, we believe that an unauthorized third party, from approximately April 26, 2018 through June 12, 2018, used valid customer usernames and passwords to login to customer online profiles. We believe the third party obtained these customer usernames and passwords from a source other than Macy’s.”

Regarding the source of the breach, Macy’s believes that the hackers obtained these customers’ account credentials from a source other than Macy’s.

After logging in to the accounts, the hackers could access all details available on the customers’ profiles. Hence, the breached data might also include credit card information along with users’ names, addresses, contact numbers, email addresses and dates of birth. Since Macys.com does not store Social Security numbers or Credit Verification Values (CVV), these remained secure.

Security Measures Have Been Taken By Macy’s

After noticing the suspicious activity, Macy’s said it began taking the required security steps. Not only did the company begin investigations, it also notified the customers whose details were leaked. Meanwhile, it has also blocked suspicious accounts, allowing customers to reactivate them manually.

“On June 12, we blocked profiles with suspicious logins. A customer’s profile will remain blocked until the customer updates the password associated with the profile.”

Macy’s also asks its customers to keep an eye on their financial transactions. Moreover, it recommends changing passwords and setting up unique passwords to secure their accounts.
