Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords.
Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the user’s account.
Read more…
Source: Malwarebytes Labs