20,000 accounts hacked at online mail-order pharmacy DocMorris

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,259
Content source
https://borncity.com/win/2023/01/30/20000-accounts-hacked-at-dutch-online-mail-order-pharmacy-docmorris-jan-2023/
Trouble for customers of the online mail-order pharmacy DocMorris. The mail-order company had already restricted payment options days ago due to invoice fraud and requires payment in advance. Now it is reported that 20,000 user accounts at DocMorris were hacked via a credential stuffing attack. DocMorris has blocked these accounts.

As of January 25, 2023, German site apotheke-adhoc.de reported that the online mail-order pharmacy DocMorris had suddenly changed its payment methods and required payment in advance. So far there were numerous possibilities with DocMorris to settle orders in on-line Shop (Paypal, credit card Mastercard or Visa, Klarna, Paydirekt, cash payment or calculation). Now probably only payment methods are allowed, where the customer pays in advance, writes apotheke-adhoc.de.
Click to expand...
It has now become known that there was probably a credential stuffing attack on the online accounts of the online mail-order pharmacy DocMorris. In the process, the attackers sample lists of access names and passwords for the online accounts, which are known from previous hacks and are traded on the darknet. If a customer uses such access data for several online accounts or uses weak passwords that appear in these lists, the attackers gain access to the account.
Click to expand...
According to this tweet, attackers succeeded in cracking 20,000 customer accounts at DocMorris in this way. German site heise reported here (referring to this German Spiegel article, paywall), But also at German site apotheke-adhoc.de there is this report on the credential stuffing attack on DocMorris. According to DocMorris, the affected customers had been informed in accordance with Article 34 of the General Data Protection Regulation (GDPR) and the accounts had been blocked.
Click to expand...

20,000 accounts hacked at Dutch online mail-order pharmacy DocMorris (Jan. 2023)

[German]Trouble for customers of the online mail-order pharmacy DocMorris. The mail-order company had already restricted payment options days ago due to invoice fraud and requires payment in advance. Now it is reported that 20,000 user accounts at DocMorris were hacked via a credential stuffing...
borncity.com
 
  • Like
  • Wow
  • +Reputation
Reactions: Shadowra, vtqhtr413, Dave Russo and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Security News Roku warns 576,000 accounts hacked in new credential stuffing attacks
Replies
0
Views
1,381
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • +Reputation
Security News Okta warns of "unprecedented" credential stuffing attacks on customers
Replies
0
Views
1,444
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
Security News Hackers Keep Stealing Tickets From People’s Ticketmaster Accounts
Replies
0
Views
260
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top