The details of almost 20,000 online Superdrug customers have been hacked, the cosmetics retailer has confirmed. Payment card details are not said to be among the data stolen.
Superdrug boss Peter Macnab has emailed customers to inform them of the “possible disclosure of your personal data, but not including your payment card information.”
“On the evening of the 20th of August, we were contacted by hackers who claimed they had obtained a number of our customers’ online shopping information. There is no evidence that Superdrug’s systems have been compromised. We believe the hacker obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website.”
The email explained that the hackers had “obtained information on approximately 20,000 customers but we have only seen 386.”
According to IT site, The Register, it seems that the hackers had “taken passwords and usernames stolen from one website and used them to log into accounts on other sites, exploiting the fact people reuse their passphrases across various online services and profiles.”
The Superdrug email also stated that customers’ names, postal addresses and “in some instances” dates of birth, phone numbers and points balances “may have been accessed”. Superdrug advises its customers to update their Superdrug.com password “now and on an on-going, frequent basis.”
Action Fraud and the police have been notified and it is believed the hackers contacted Superdrug to extort money from the business to keep the hack quiet.
CALL US ON 0203 005 9650 FOR SUPERIOR CYBER SECURITY
Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.