- Apr 24, 2016
Trouble for customers of the online mail-order pharmacy DocMorris. The mail-order company had already restricted payment options days ago due to invoice fraud and requires payment in advance. Now it is reported that 20,000 user accounts at DocMorris were hacked via a credential stuffing attack. DocMorris has blocked these accounts.
As of January 25, 2023, German site apotheke-adhoc.de reported that the online mail-order pharmacy DocMorris had suddenly changed its payment methods and required payment in advance. So far there were numerous possibilities with DocMorris to settle orders in on-line Shop (Paypal, credit card Mastercard or Visa, Klarna, Paydirekt, cash payment or calculation). Now probably only payment methods are allowed, where the customer pays in advance, writes apotheke-adhoc.de.
It has now become known that there was probably a credential stuffing attack on the online accounts of the online mail-order pharmacy DocMorris. In the process, the attackers sample lists of access names and passwords for the online accounts, which are known from previous hacks and are traded on the darknet. If a customer uses such access data for several online accounts or uses weak passwords that appear in these lists, the attackers gain access to the account.
According to this tweet, attackers succeeded in cracking 20,000 customer accounts at DocMorris in this way. German site heise reported here (referring to this German Spiegel article, paywall), But also at German site apotheke-adhoc.de there is this report on the credential stuffing attack on DocMorris. According to DocMorris, the affected customers had been informed in accordance with Article 34 of the General Data Protection Regulation (GDPR) and the accounts had been blocked.
[German]Trouble for customers of the online mail-order pharmacy DocMorris. The mail-order company had already restricted payment options days ago due to invoice fraud and requires payment in advance. Now it is reported that 20,000 user accounts at DocMorris were hacked via a credential stuffing...