Password pirates are after PetSmart accounts


PetSmart, a leading retailer of pet supplies and services in America, is warning customers about increased password-guessing attacks, also known as credential stuffing.

The company asserts that there are no indications that any of its systems have been compromised. However, internal security tools saw an increase in password-guessing attacks on petsmart.com. Customers who were logged in during this time received a letter informing them about inactivated passwords, Dark Web Informer shared on X.

“While the login may have been valid, we wanted you to know. In an abundance of caution to protect you and your account, we have deactivated your password on petsmart.com. The next time you visit petsmart.com, simply click the "forgot password" link to reset your password,” the letter reads.

The company is rightfully worried about fraudsters constantly trying to obtain user names and passwords and then reusing them on multiple platforms and websites, including petsmart.com.

The letter advises using strong passwords and changing them a few times a year. However, most such attacks can be stopped simply by enabling multi-factor authentication.

“We’d like to like to praise PetSmart for the way in which it handled the attack, setting a good example by warning customers,” Malwarebytes Labs said in its blog post. “While we don’t agree with everything in the email – a strong password would not have made a difference here – it is informative, to the point, and helpful.”

Credential stuffing attacks usually begin with cybercriminals obtaining massive troves of usernames and passwords from previous breaches. Automated tools allow the unleashing of bots to rapidly cycle through login credentials, hammering websites and online services in an attempt to compromise user accounts.


More from Cybernews:

She’s behind your Android VPN app: I do magic

FDA approves blood glucose monitor compatible with smart devices

JetBrains vulnerability actively exploited in the wild: CISA urging users to patch

Apple won‘t update third-party apps if users leave the EU

Russia claims of US cyber offense surface on X

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked