"Credential Stuffing Attack Hits 72,000 Levi’s Accounts"

Levi's recently announced that tens of thousands of their customers may have had their accounts compromised after a credential stuffing attack.  The company noted that 72,231 individuals may have been impacted by the incident, which occurred on June 13.  After the credential stuffing attack was discovered, Levi's said that it promptly forced a password reset the same day for all user accounts that were accessed during the relevant time period.  If any accounts were compromised, the threat actors wouldn't have been able to take much.  However, they may have enough personally identifiable information (PII) on victims to launch convincing follow-on phishing attacks impersonating Levi's brand or other entities.  The company noted that anyone who accessed a customer account would be able to view the information contained there, such as your order history, name, email, stored addresses, and, if you have saved a payment method, partial information that includes the last four digits of the card number, card type, and expiration date. 

Infosecurity Magazine reports: "Credential Stuffing Attack Hits 72,000 Levi’s Accounts"