Japan folks, please pay attention!

  [1]Hackers Access Over 461,000 Accounts in Uniqlo Data Breach:

    Fast Retailing, the company behind multiple Japanese retail brands,
    announced that the UNIQLO Japan and GU Japan online stores have been
    hacked and third parties accessed 461,091 customer accounts
    following a credential stuffing attack.

    As detailed in the official statement issued Fast Retailing
    following the security breach, the credential stuffing attack which
    led to the data breach took place between April 23 and May 10, 2019,
    with the number of compromised accounts possibly being higher seeing
    that the investigation has not yet concluded.

    "While the number of incidents and circumstances may change during
    the course of the investigation, Fast Retailing is today providing
    notice of the facts as determined at the present time, and the
    company's response," says Fast Retailing.

    The company also listed the customer information which got accessed
    during the attack:

  • Customer name (last name and first name)
  • Customer address (postal code, address, and apartment number)
  • Customer phone number, mobile phone number, email address, gender,
  date of birth, purchase history, and clothing measurements
  • Receiver name (last name and first name), address, and phone number
  • Customer partial credit card information (cardholder name, expiration
  date, and portion of credit card number). The credit card numbers
  potentially accessed are hidden, other than the first four and last
  four digits. In addition, the CVV number (credit card security code) is
  not displayed or stored.

    On May 13, Fast Retailing disabled the account passwords of 461,091
    UNIQLO Japan and GU Japan online shop customers and started sending
    emails to all affected individuals to reset their passwords.

    Fast Retailing discovered the breach after multiple customers
    reports of weird account activity and blocked the attackers from
    accessing the company's computing systems, while also "strengthening
    monitoring of other access points."

    "Fast Retailing has also filed a report of damages regarding the
    unauthorized logins with the Tokyo Metropolitan Police," states the
    data breach notification.

    The company concludes the data breach notification [[2]EN, [3]JP] by
    asking all its customers to change their passwords especially if
    they're also using them on other online platforms:

  Fast Retailing is therefore requesting everyone who uses the same user
  ID or password with other services, not just the customers who have
  been contacted individually, to change their passwords immediately. The
  company recognizes that protecting customer information is a matter of
  the highest priority, considering this incident extremely serious, and
  is strengthening monitoring of unauthorized access, as well as taking
  other steps to further ensure that customers are able to shop with
  safety.

    Customers who want more details regarding the data breach can
    contact the company's customer service team using the free of charge
    0800-000-1022 support phone line "available 9:00-17:00, including
    weekends and holidays," or via e-mail at
    [email protected].

    While the number of Fast Retailing online customers is not public,
    "Internet sales made up 10% of domestic sales in the first half of
    the company's current fiscal year," as [4]Bloomberg initially
    reported.

  (Via [5]BleepingComputer)

  I like how fast this was disclosed. I don't like that I learned about
  it from a non-Japanese news source.
    __________________________________________________________________

  My original entry is here: [6]Hackers Access Over 461,000 Accounts in
  Uniqlo Data Breach. It posted Wed, 15 May 2019 08:27:16 +0900.
  Filed under: business, Japan,

References

  1. https://www.bleepingcomputer.com/news/security/hackers-access-over-461-000-accounts-in-uniqlo-data-breach/
  2. https://www.fastretailing.com/eng/group/news/1905132000.html
  3. https://www.fastretailing.com/jp/group/news/1905132000.html
  4. https://www.bloomberg.com/news/articles/2019-05-14/uniqlo-owner-says-460-000-online-accounts-accessed-in-japan-hack
  5. https://www.bleepingcomputer.com/feed/
  6. https://www.prjorgensen.com/?p=2933

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.