PlanetDrugsDirect Security Breach

The Canadian online pharmacy PlanetDrugsDirect is notifying its customers of a data breach that impacted some personal and financial information. The company is a member of the Canadian International Pharmacy Association (CIPA) and has both Canadian and US customers. The notification from the company states that the exposed information includes customers’ names, addresses, email addresses, phone numbers, medical information, and payment information. It also states that there is no evidence to suggest that passwords were compromised.

Analyst Notes

Since payment information is included in the breach, victims should monitor their bank and credit card accounts for unusual activity. They should also be aware that this information could be used for targeted phishing campaigns. Customers of PlanetDrugsDirect should change their login credentials to a unique and complex password as a precaution.

Businesses that store customers’ protected health information (PHI) and payment information should be aware that this information is actively sold on criminal marketplaces and that attackers will continue trying to gain access to databases to steal customer information. It is wise to monitor attempts to access database records for unusual patterns of queries. When attackers first gain access to a system, they often must run many test queries to discover the database tables and column names, especially if they are accessing the data through a blind SQL injection attack. These queries stand out as very different from the normal pattern of queries used by the web application and can provide early warning of a threat before attackers are able to access all of the records. Monitoring servers to alert on attacker behavior with an Endpoint Detection and Response (EDR) tool is another important layer of defense for protecting customer data.
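The query monitoring described above can be sketched as follows. This is an added example, not code from the original notice: it fingerprints queries from a database log, compares them with the shapes the web application normally issues, and flags sessions that repeatedly send unfamiliar or schema-discovery queries. The session labels, table names, catalog list and threshold are all assumptions.

```python
import re
from collections import Counter

# Catalog names that ordinary application queries rarely touch (assumed list; extend per DBMS).
METADATA = re.compile(r"\b(information_schema|pg_catalog|sysobjects|sqlite_master)\b", re.I)

def fingerprint(sql):
    """Collapse literals so queries that differ only in values share one shape."""
    s = sql.strip().lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)   # string literals
    s = re.sub(r"\b\d+\b", "?", s)          # numeric literals
    return re.sub(r"\s+", " ", s).rstrip(";")

def score(sql, baseline):
    """Return the reasons a query deviates from the application's normal pattern."""
    reasons = []
    if fingerprint(sql) not in baseline:
        reasons.append("new_shape")
    if METADATA.search(sql):
        reasons.append("schema_discovery")
    return reasons

def detect(log, baseline, threshold=3):
    """log: (session, sql) pairs. Flag sessions with >= threshold anomalous queries."""
    hits, detail = Counter(), {}
    for session, sql in log:
        reasons = score(sql, baseline)
        if reasons:
            hits[session] += 1
            detail.setdefault(session, set()).update(reasons)
    return {s: sorted(detail[s]) for s, n in hits.items() if n >= threshold}

# Constructed sample data: query shapes the application is known to issue.
BASELINE = {fingerprint(q) for q in [
    "SELECT name, email FROM customers WHERE id = 42",
    "SELECT * FROM orders WHERE customer_id = 42 AND status = 'open'",
    "UPDATE customers SET phone = '555-0100' WHERE id = 42",
]}
# Constructed sample log: sess-a is normal traffic, sess-b is probing the schema.
SAMPLE_LOG = [
    ("sess-a", "SELECT name, email FROM customers WHERE id = 7"),
    ("sess-a", "SELECT * FROM orders WHERE customer_id = 7 AND status = 'shipped'"),
    ("sess-b", "SELECT name, email FROM customers WHERE id = 7 AND 1 = 1"),
    ("sess-b", "SELECT table_name FROM information_schema.tables"),
    ("sess-b", "SELECT column_name FROM information_schema.columns WHERE table_name = 'customers'"),
    ("sess-a", "SELECT name FROM customers WHERE id = 8"),  # one new shape, below threshold
]

if __name__ == "__main__":
    print(detect(SAMPLE_LOG, BASELINE))
```

The threshold keeps a single unfamiliar query, such as one from a newly deployed feature, from raising an alert, while a run of them from one session does.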
