P2021-ND-194

Victoria?s Secret Stores Brand Management

The Organization experienced a credential-stuffing attack which took place over an approximately four-hour period on November 9, 2020. As a result, an unauthorized individual gained access to personal information in certain of the Organization?s online accounts. The attack was detected and later blocked by the Organization while it was still in progress. The Organization reported that, based on its investigation, the incident resulted from the apparent reuse of legitimate, recycled credentials (usernames and passwords) that may have been obtained in third-party hacking incidents.

File Type: pdf
Categories: 2021
Tags: Unauthorized access