Super-mugs: Hackers claim to have snatched 20k customer records from Brit biz Superdrug

Or just 386, according to chain

By Paul Kunert

Hackers claim to have grabbed the personal details of almost 20,000 bods who shopped online at Superdrug, the British cosmetics retailer has confirmed. Payment card details are not said to be among the haul.

The biz has emailed customers, El Reg can confirm, advising them of the “possible disclosure of your personal data, but not including your payment card information.”

“On the evening of the 20th of August, we were contacted by hackers who claimed they had obtained a number of our customers’ online shopping information,” the note from boss Peter Macnab stated.

“There is no evidence that Superdrug’s systems have been compromised. We believe the hacker obtained customers’ email addresses and passwords from other websites and then used those credentials to access accounts on our website.”

The cyber villains alleged they had “obtained information on approximately 20,000 customers but we have only seen 386,” the chain added, leading us to believe this is a classic credential-stuffing stunt by the crooks. That's when scumbags take passwords and usernames leaked from one website and use them to log into accounts on other sites, exploiting the fact people reuse their passphrases across various online services and profiles.
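How a site on the receiving end can spot this in its own login logs, as an added example that is not from the article or from Superdrug: it flags a source address that tries many different accounts in a short window with mostly failed logins, then lists the accounts that source did get into, which are the ones needing a forced password reset. The log tuple layout, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own login traffic.
WINDOW = timedelta(minutes=10)   # sliding window per source address
MIN_ACCOUNTS = 20                # distinct usernames tried within the window
MAX_SUCCESS_RATIO = 0.2          # replayed leaked credentials mostly fail

def find_stuffing_sources(events):
    """events: (datetime, source_ip, username, succeeded) tuples.
    Returns {source_ip: sorted usernames that source logged in to}."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most WINDOW of time.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            window = rows[start:end + 1]
            users = {u for _, u, _ in window}
            ratio = sum(ok for _, _, ok in window) / len(window)
            if len(users) >= MIN_ACCOUNTS and ratio <= MAX_SUCCESS_RATIO:
                # Report every account this source got into, not just this window.
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

def constructed_events():
    """Constructed sample data (documentation IP ranges, example.com users)."""
    t0 = datetime(2000, 1, 1, 21, 0, 0)
    ev = []
    for i in range(40):   # one source, 40 different accounts, 2 reused passwords work
        ev.append((t0 + timedelta(seconds=10 * i), "203.0.113.7",
                   f"user{i:02d}@example.com", i in (5, 31)))
    for i, ok in enumerate([False, False, True]):   # customer mistypes twice
        ev.append((t0 + timedelta(seconds=30 * i), "198.51.100.23",
                   "alice@example.com", ok))
    for i in range(25):   # shared office NAT: many users, nearly all succeed
        ev.append((t0 + timedelta(seconds=15 * i), "192.0.2.50",
                   f"staff{i:02d}@example.com", i != 3))
    return ev

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(constructed_events()).items():
        print(ip, "accessed:", ", ".join(accounts))
```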

Customers’ names, postal addresses and “in some instances” date of birth, phone number and points balances “may have been accessed”, the email stated. The retailer advised customers to update their Superdrug.com password “now and on an on-going, frequent basis.”

Superdrug has contacted the cops and Action Fraud about the incident, and “will be offering them all the information they need for their investigation.” It is believed the miscreants contacted the retailer in hope of extorting money from the business in exchange for their silence.

A spokesperson for Superdrug was not available for immediate comment. ®