Japan’s online retailing store ‘Fast Retailing’ has released a press statement yesterday that the websites of its business subsidiaries UNIQLO Japan and GU Japan were hacked due to which customer accounts from April 23rd, 2019 to May 10th, 2019 were compromised.
News is out that the online store became victim to a credential stuffing cyber attack due to which details such as customer name, address, phone number, email addresses, gender, date of birth, purchase history, clothing measurements, and most importantly credit card info were leaked.
The IT staff of UNIQLO and GU discovered unauthorized access by the 3rd party on May 10th, 2019 using a user ID and password of an employee who was later found to be innocent in the whole incident.
Fast Retailing is urging its customers to update the passwords to avoid further loss and has found that the count of fraudulently accessed accounts has reached 461,091.
Note 1- The latest incident comes just within a month of an announcement by the Japanese government that it will be hacking all IoT devices of its citizens in order to test their defense line of skills. So, citizens who are using default usernames and passwords are being urged to change their credentials as soon as possible. The Japanese government has issued a request to all Internet service providers to alert the citizens on this issue.
Note 2-The announcement was issued by the National Institute of Information and Communications Technology (NICT) with the back up of the Ministry of Internal Affairs and Communications.