PetSmart Issues Alert on Credential Stuffing Attempts Targeting User Accounts

PetSmart, the nation’s leading pet supplies retailer, has issued a warning to customers regarding the reset of their passwords following a series of credential stuffing attacks aimed at unauthorized account access.

Recent reports, initially highlighted by DarkWebInformer, revealed that PetSmart customers are the targets of ongoing credential stuffing attacks, which leverage previously exposed login details to compromise accounts.

Responding to the Cyber Incident

In response, PetSmart has proactively reset the passwords for accounts that were accessed during the attack period. This precautionary measure was taken due to the inability to distinguish between legitimate users and potential attackers.

The company conveyed its assurance to its customers through an email alert, stating, “We want to assure you that there is no indication that petsmart.com or any of our systems have been compromised.” 

The email further explained that an uptick in password guessing attempts on their website prompted the reset of affected accounts’ passwords as a protective step. Customers are advised to reset their passwords upon their next visit to petsmart.com by using the “forgot password” link, ensuring their accounts’ security.

Email received by PetSmart customers (Source: DarkWebInformer)

The Broader Impact of Credential Stuffing Attacks

Credential stuffing attacks exploit login credentials from data breaches to attempt access to other platforms. These breaches can lead to a range of malicious activities, from fraudulent transactions to the sale of compromised accounts for further misuse.

Similar attacks have previously impacted major companies like PayPal, Spotify, Xfinity, Chick-fil-A, FanDuel, and DraftKings, causing significant financial damages. A notable incident involved an 18-year-old accused of hacking 60,000 DraftKings accounts and selling them on an illicit marketplace, resulting in substantial financial losses far exceeding initial estimates.

Final Word

PetSmart’s swift response to credential stuffing attacks by resetting passwords showcases their commitment to safeguarding customer accounts against the backdrop of a growing cyber threat landscape.