Warby Parker on Thursday disclosed that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain.
According to a company press release, an unknown cybercriminal actor has been attempting to access Warby Parker customer accounts by leveraging usernames and passwords that were previously stolen from other companies in unrelated breaches.
Only individuals who repeatedly use the same credentials across multiple accounts are vulnerable to this kind of attack, while those who create unique usernames and passwords each time are protected. For that reason, the company as a precaution contacted its potentially compromised customers and required them to change their passwords.
Please register to continue.
Already registered? Log in.
Once you register, you’ll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.