
Levi Strauss Reports Credential Stuffing Attack Affecting Thousands of Users

Jeans giant forces a password reset for affected users.

Levi Strauss has reported a credential stuffing attack which may have compromised around 72,000 customer accounts. 

The denim giant apparently said attackers were able to re-use passwords from other sites in order to access customer accounts, and potentially expose names, emails, mailing addresses, order history, and some payment card data.

“On June 13th we identified an unusual spike in activity on our website,” Levi’s said. “Our investigation showed characteristics associated with a ‘credential stuffing’ attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website.”

Forced Resets

To remedy the matter, Levi Strauss has forced password resets for all of the stolen accounts, and the company is advising users to pick unique passwords this time in order to avoid further credential stuffing attacks.

“In an abundance of caution, we responded to the attack by promptly deactivating account credentials for all user accounts that were accessed during the relevant time period,” Levi’s said.

Thomas Richards, principal consultant at the Synopsys Software Integrity Group, said: “Fortunately in this case, only customer emails were compromised and not complete credit card numbers or other private information.

“While the addresses may already be known publicly, this would allow an attacker to craft targeted phishing campaigns about this brand to elicit the targets to perform an action like resetting a password on a malicious landing page resembling the official one. The partially compromised credit card information would provide the attackers with a pretext of a legitimate transaction failing.”


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
