Superdrug Warns Customers Of A Data Breach Through Third-Party Sites

The British health and beauty store and pharmacy Superdrug is warning customers about an incident that resulted in a data breach. Reportedly, the company is warning customers about a possible data leak that may have occurred through some of its associated websites. The breach has supposedly affected 20,000 customers.

Superdrug Warns Customers Of A Possible Data Breach

Superdrug has reportedly begun informing its customers about a possible disclosure of their information. The company first sent emails to around 20,000 customers on Tuesday. Later, it confirmed on its official Twitter account that the emails were genuine.

As mentioned in the email, hackers contacted the store on August 20, 2018, telling them they had gained access to Superdrug customers’ details. These details include customers’ names, dates of birth, addresses, contact numbers and reward point balances. However, Superdrug confirms that payment or card details remained secure in the breach.

After being made aware of the incident, Superdrug notified all 20,000 customers, asking them to change their passwords. A copy of the email sent to these customers was obtained through one of the company's tweets.

Superdrug has also separately informed 386 customers whose details were confirmed to have been hacked. This came to light from one of the company's tweets in response to a customer.

Superdrug Took Necessary Actions

Allegedly, the hackers did not take any data directly from the Superdrug website. Rather, they possibly obtained customers’ credentials from some other websites and then used those credentials to access the Superdrug portal. Besides informing the customers, Superdrug has also informed the relevant law enforcement agencies about the matter.

After receiving the notification emails, customers began accessing the website to change their credentials. Due to the heavy traffic, they had trouble logging into their accounts. As a result, Superdrug received a number of complaints from users, while some users didn’t receive the emails at all. However, Superdrug officials remained active on their Twitter account to respond to customers.

For the moment, most customers merely need to change their passwords out of an abundance of caution. If you are one of the 386 customers confirmed as having their details compromised, however, changing your password is a necessity. For any queries, anyone can contact the vendor's support email (help@superdrug.com).
