UK high street pharmacy Superdrug disclosed late last month that personal information belonging to 20,000 customers may have been breached. A spokeswoman for the health and beauty company explained that they were contacted by hackers who claimed that they had obtained the details and would release them unless a ransom was paid. When asked for evidence that the hackers truly had the information, 386 accounts were sent through.
Superdrug said that no credit card information had been taken, but customers’ names, addresses and in some cases dates of birth, phone numbers and points balances may have been accessed.
ComputerWorld reports that there is evidence to suggest that there was no hack on Superdrug itself, but that the hackers used a technique known as credential stuffing. This is where stolen login credentials from elsewhere are tested on other sites to gain access.
Customers who may have had their data harvested were sent an email and asked to change their passwords. They were also advised to change them regularly in future.
Read the full story on ComputerWorldUK.com