Security Advisory: PetSmart Warns Customers of Credential Stuffing Attack

INTRODUCTION

PetSmart, a pet retail giant in the United States, is alerting certain customers about password resets resulting from an ongoing credential stuffing attack attempting to breach existing accounts. The company released a statement on March 6 to let customers know about the credential stuffing attack. 

As a precaution, PetSmart reset the passwords for any accounts logged in during the credential stuffing attack. Additionally, they reassured customers that there was no evidence of compromise to petsmart.com or any of their systems during the incident.

WHAT IS CREDENTIAL STUFFING?


A credential stuffing attack is a type of cyber-attack in which threat actors use previously acquired usernames and passwords, typically obtained from data breaches, to gain unauthorized access to user accounts on various online platforms. 

Threat actors usually automate the process of trying these login credentials across multiple websites and services. They know that people commonly reuse passwords across various accounts, which makes them even more inclined to exploit this widespread behavior.


HOW TO PROTECT YOURSELF AGAINST CREDENTIAL STUFFING ATTACKS

Although cyber breaches may be unavoidable, you can still prevent breached details from being used on other websites or services by taking the following precautions:

  1. Use Unique Passwords For Each Account – Minimize the impact if one account is compromised.
  2. Enable Multi-Factor Authentication (MFA) – Implement MFA wherever possible to add an additional layer of security.
  3. Update Outdated Passwords – Change your passwords periodically, especially for critical accounts like email, banking, and social media.
  4. Limit Access – Only use trusted devices and networks to access sensitive accounts. Avoid logging in from public computers or unsecured Wi-Fi networks, and make sure you are not saving your credentials on a public computer.

HOW RICHTER GUARDIAN CAN HELP YOU

  • Our dark web monitoring platform can identify compromised credentials linked to your personal and work email addresses. We’ll also provide guidance on improving your password practices.
  • If you are unsure, call us at +1 844-908-3950 or send us an email at support@richterguardian.com. Connect with our cyber concierge to verify the legitimacy of a situation.