Between April 23 and May 10, threat actors compromised 461,091 user accounts for the e-commerce portals of Uniqlo and GU, the Japanese company that owns the two brands acknowledged in a statement on Monday.
Fast Retailing Co., the biggest retail firm in Asia, said that hackers managed to obtain access to the user accounts via a list-based attack. This implies that the attack involved credential stuffing, i.e. the use of leaked or stolen login credentials for user accounts of another service, based on the knowledge that many people reuse passwords for different accounts. Industry research shows that credential stuffing attacks are on the rise.
Read more: Over 460,000 E-Retailer User Accounts Hacked