Credential Stuffing Attack Hits 72,000 Levi’s Accounts

Written by

Tens of thousands of Levi’s customers may have had their accounts compromised after a credential stuffing attack, the clothing giant has revealed.

A notice published on the website of the Maine Office of the Attorney General (OAG) revealed that 72,231 individuals may have been impacted by the incident, which occurred on June 13.

“On June 13 we identified an unusual spike in activity on our website,” the breach noticed read.

“Our investigation showed characteristics associated with a ‘credential stuffing’ attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case LS&Co was not the source of the compromised login credentials.”

Read more on credential stuffing: Okta Warns Customers of Credential Stuffing Barrage

Levi’s promptly forced a password reset the same day “for all user accounts that were accessed during the relevant time period,” in order to try and lock the miscreants out of the accounts they may have hijacked.

If any accounts were compromised, the threat actors won’t have been able to take much, although they may have enough personally identifiable information (PII) on victims to launch convincing follow-on phishing attacks impersonating the Levi’s brand or other entities.

“Anyone that accessed your account would be able to view information contained there such as your order history, name, email, stored addresses, and, if you have saved a payment method, partial information that includes the last four digits of card number, card type and expiration date,” the notice explained.

“It does not appear that any fraudulent purchases were initiated using your information. Our systems do not allow saved payment methods to be used for purchases without a secondary means of authentication.”

Levi’s urged all impacted users to reset their passwords and verify the accuracy of personal information stored in their account.

“We suggest that you change the passwords – using a strong and unique password – for your other online accounts. This is an important defense against credential stuffing threats,” it concluded.

Image credit: AtlasStudio /

What’s hot on Infosecurity Magazine?