Some of Australia’s biggest brands have been hit with a credential stuffing attack affecting thousands of customers around the country.
Updated 17/1/24: Clarified that no Binge customers credit card details had been compromised and added comment from a company spokesperson.
Scammers, based in Australia are thought to have purchased compromised account details from overseas hackers and used the usernames, emails and passwords to purchase iPhones, clothing and almost $800 worth of top-shelf alcohol with strangers’ money. The details were revealed by the Sydney Morning Herald.
Dan Murphy’s parent company Endeavour Group, confirmed that its customers had been the victims of credential stuffing fraud in recent weeks.
“A small number of user accounts were subject to fraudulent transactions as a result of email and passwords; these were obtained through unrelated third-party breaches and not due to our internal systems being compromised,” a spokesman said.
“Our team took immediate action and has been working with affected customers.”
Binge confirmed that no customer credit card details had been compromised.
“BINGE customers remain unaffected by credit card scams including the one reported by Kasada and no credit card details have been compromised. Credit card details are managed off-platform as part of the comprehensive cyber security systems we have in place. Our customer accounts are monitored 24/7 for cyber activity that may compromise accounts and we have…