The British health/beauty store and pharmacy Superdrug warns customers about an incident that resulted in a data breach. Reportedly, they are warning their customers about a possible data leak that may have occurred through some of their associated websites. The breach has supposedly affected 20,000 customers.
Superdrug Warns Customers Of A Possible Data Breach
Superdrug has reportedly begun informing its customers about a possible incident of disclosure of their information. They first sent emails to around 20,000 customers on Tuesday. Later on, they confirmed the genuineness of the emails on their official Twitter account.
To customers who have received an email from us today, this email is genuine. We recommend you follow the steps we outlined.
— Superdrug (@superdrug) August 21, 2018
As mentioned in their email, hackers contacted the store on August 20, 2018, telling them about gaining access to the Superdrug’s customers’ details. These details include customers’ names, dates of birth, addresses, contact numbers and reward point balances. However, they confirm that the payment or card details remained secured in the breach.
After being made aware of the incident, Superdrug notified all of its 20,000 customers, asking them to change passwords. Below is a copy of the email sent to these customers (obtained through one of their tweets).
They have also separately informed 386 customers about the breach whose details were confirmed to be hacked. This came to light from one of their tweets in response to a customer.
The email above is the generic email that was sent to the 20,000 users, this is not the email that was sent to the 386 users. We recommend that you reset your password, you can do this via the website or app. Thanks, Jake
— Superdrug (@superdrug) August 23, 2018
Superdrug Took Necessary Actions
Allegedly, the hackers did not take any data directly from the Superdrug website. Rather they possible accessed the customer’s credentials from some other websites and then exploited those credentials to access the Superdrug portal. Besides informing the customers, they have also informed the relevant law enforcement agencies about the matter.
After receiving the notification emails, customers began accessing the website to change their credentials. Due to bulk traffic, they began facing troubles logging into their accounts. As a result, Superdrug received a number of complaints from the users, meanwhile some of the users didn’t receive the emails at all. However, Superdrug officials remained active on their Twitter account to respond to their customers.
For the moment, most customers merely need to change their passwords out of an abundance of caution although if you are one of the 386 confirmed as having their details compromised this is a necessity. For any queries, anyone can contact the support email of the vendors ([email protected]).
Let us know your thoughts in the comments section.