P2017-ND-007

Indigo Books and Music Inc.

On June 8, 2015, the Organization received two separate reports from customers of unauthorized electronic gift card transactions made on June 5. The Organization investigated and found that an unauthorized individual had gained access to 102 customer accounts using valid credentials. The Organization reported that its own customer systems had not been compromised, and that the credentials used to access the accounts were email address and password combinations obtained from a website that posts personal information from compromised applications. The credentials were used to access accounts, change email addresses, and make fraudulent purchases.
