Major retailers, including The Iconic, are navigating a surge in a specific credit card scam called ‘credential stuffing’.
Scammers are taking advantage of customers who use the same email and password login across various accounts, where they can log in and purchase items.
According to various media reports, Australian businesses such as Guzman y Gomez, Binge, Dan Murphy’s, TVSN, and Event Cinemas are the key affected retailers.
These reports follow an alert issued by The Iconic last week, stating some of its customers had been hit by this scam, with the online marketplace issuing a full investigation.
The Iconic shared a response on Facebook stating it was aware that there has been unauthorised access to a number of customer accounts.
“This is not as a result of a breach of any of The Iconic’s internal systems,” the company wrote.
“These unauthorised third party login attempts used a technique known as ‘credential stuffing’ where the unauthorised third party used login credentials sourced through data breaches that are unrelated to The Iconic.
“Please know that this is an ongoing investigation and we will continue to provide updates to any impacted customers to ensure they are kept informed.”
According to The Iconic, its customer service team is working to intercept any fraudulent orders and provide refunds to impacted customers. Affected customers are being asked to email the company, or connect via live chat or direct message on Instagram or Facebook.
“We are working with our expert cybersecurity partners to assess the incident as a priority.
“We are working with affected customers who notify us of unusual activity. We intend to directly contact customers whose accounts may be impacted as we continue to investigate the incident. We will provide specific recommendations to these customers and provide appropriate support.”
The Iconic also issued an email to all its customers, asking them to change their passwords and be vigilant.
Ragtrader has reached out to The Iconic for further comment.