P2021-ND-254

Victoria?s Secret Stores Brand Management

Between April 13, 2021 to April 14, 2021, the Organization learned that an unauthorized party gained access to personal information in certain of its online accounts. The Organization determined that the unauthorized access to the online accounts was caused by a credential-stuffing bot attack during the course of an application update. The Organization reported that the incident did not arise based on a breach of its security safeguards, but rather, the apparent reuse of legitimate, recycled credentials (usernames and passwords) that may have been obtained in third-party hacking incidents in an attempt to access the online accounts of its users who use the same username and password on multiple websites.

File Type: pdf
Categories: 2021
Tags: Unauthorized access