Credential Stuffing Leads to J. Crew Data Breach

Mar 18, 2020 | Internet Scam & Alerts




itrc_ss_jcrew_1616836291 Credential Stuffing Leads to J. Crew Data Breach

There are a variety of ways that hackers can infiltrate a company’s network and steal users’ information. J. Crew Group, a clothing retailer with various online retail shopping sites and nearly 500 brick-and-mortar stores, recently announced that it had discovered a J. Crew data breach of the company’s servers in April of 2019, and has traced the breach back to a tactic known as credential stuffing.

Credential stuffing is a growing problem and has exploded since 2018, mostly because the necessary information is available for sale online and anyone with a little bit of know-how can do it. It can happen when anyone reuses their email addresses and password on multiple accounts. According to the Identity Theft Resource Center’s 2019 Data Breach Report, 83 percent of people use the same password for more than one account. If your information is ever stolen in a data breach and you have used that same username and password combination on other websites or apps, a hacker who accessed your stolen information—or someone who buys your stolen information on the Dark Web—can test out your credentials on other sites.

J. Crew’s investigation found that information such as names, billing and shipping addresses and the last four digits of stored payment cards were accessed in the J. Crew data breach by outsiders who relied on this method of breaking in. Other details were compromised, but nothing permanent like birthdates or Social Security numbers.

This is just one of many reasons why it is important to establish strong, unique passwords on all of your accounts, no matter how sensitive or inconsequential they may seem.

The company has completed a forced password reset and issued data breach notification letters. Anyone whose information was exposed in the J. Crew data breach can also contact the Identity Theft Resource Center’s toll-free number at 888.400.5530 or via the website’s live chat feature to speak with an expert advisor if they need more information. This resource can also help you come up with actionable steps if you need them.

In this or other data breaches, ITRC’s free ID Theft Help App can help you too. Simply download it from your device’s preferred app store in order to keep tabs on your specific incident and monitor what actions you have taken. You can even reach out to the ITRC for assistance directly through the app.


You might also like…

WordPress Development

SEO NEWS

seo news

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.