Fast Retailing Co, Asia’s largest retailer, has suffered a massive data breach that was confirmed on May 10th, 2019. The attack was performed from April 23rd through May 10th before the hack could be stopped. The style of attack used is what is known as a password-attack. A password attack is when the attacker has login credentials of a user and attempts to use the credentials across multiple sites. At the time of this report, the number of illegally logged-in accounts is close to 500,000 and rising. Not only are the users at risk, but E-commerce businesses with user login pages are also at risk of being the next company targeted. Data breaches of this type normally create large spikes in bot traffic as hackers cycle through huge lists of stolen credentials in an attempt to exploit the stolen data. This causes the user to lose faith in the company’s security and affected companies must use time and dollars to mitigate these attacks. Unsecure web applications can harm a company’s efforts because retailers tend to limit application security efforts and often overlook obvious risks and threats in an effort to roll out new products faster. Attackers have started targeting eastern countries’ retailers due to western retailers taking a more proactive approach to cyber-security.
Users in and outside of companies should always have different login credentials for all sites that they have accounts with. Also, the practice of making passwords unique and increasingly complex is essential in today’s cyber world. When a company develops any software or website, cyber-security should be a consideration from the beginning