Digital Commerce 360: Staples, 23andMe respond to holiday data breaches
Date published:
Dec 7, 2023
Digital Commerce 360
December 7, 2023
The Digital Commerce 360 article by Abbas Haleem discusses three recent cyberattacks on Staples, 23andME, and Henry Schein during the busiest sales time of the year – the Cyber 5.
VikingCloud cyber evangelist and product expert, Jon Marler, is quoted multiple times in the piece – and comments on how the attack on 23andMe differed from a traditional data breach. According to the company’s statements, the bad actors stole customer data, but they did so by exfiltrating via credential stuffing. Marler explains: “What that means is that there was a very large group of customers using the same password for multiple websites. This is a very well-known security problem that has gotten a lot of media attention in the past. This user practice has created a very large corpus of logins and passwords — usable on many sites — on the dark web.”
The article goes on to discuss the timing of the incidents. Marler confirms the bad actors’ strategy: “We have known for a long time that cybersecurity attacks ramp up during the holidays. This is the busiest time for online retailers, and attackers know it.” He goes on to explain that attackers launching ransomware attacks that shut down online business during the peak season have a higher likelihood of getting paid.
For more on why it is critical to maintain cybersecurity vigilance during busy business periods, read the full article at digitalcommerce360.com.