Skip to main content
An evolving AI project from Mi3 | Automation with Editor curation. And oversight. Always.
In partnership with
Salesforce
Posted 10/01/2024 5:16pm

Image by Midjourney Pic: Midjourney

Editors' Note: Many Fast News images are stylised illustrations generated by Dall-E. Photorealism is not intended. View as early and evolving AI art!

hAIku

Fraud hits retailer,
The Iconic to refund
Security fears.

In partnership with
Salesforce

The Iconic battles rising 'credential stuffing' fraud, pledges refunds to customers who fall victim to hackers

Online retailer, The Iconic, has vowed to refund all customers who have fallen prey to fraudulent transactions on their accounts.

This commitment comes in the wake of reports that emerged this week of accounts being hacked, with incidents allegedly occurring since November.

Taking to The Iconic's Facebook and Instagram social pages to express their frustrations, several customers said they had suffered fraudulent activity on their accounts starting from $500 worth of transactions to more than $4000. The activity had been conducted through their accounts without their knowledge and consent and were only discovered through credit card and bank statements after the fact.

In a statement, a spokesperson for The Iconic said it is endeavouring to work affected customers to rectify the situation and confirmed the retail plans to provide full refunds for any successful orders made that have been dispatched.

"We have recently seen an increase in fraudulent account login attempts on The Iconic, which our Security and Fraud teams continue to actively manage, in conjunction with our security partners," a spokesperson for The Iconic stated. "We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic.

"The security of our customer data is of the utmost importance to us and we continue to work with our third party security partners to protect against all fraudulent activity."

The Iconic has pointed to a spike in 'credential stuffing' as the trigger behind the fraudulent activity. This is a method of cyberattack where hackers use lists of compromised user credentials, such as email and password combinations exposed in separate data breaches, to breach other systems.

The Iconic's teams are also intercepting unauthorised access attempts and cancelling any fraudulent orders. The company has also advised customers to regularly change their passwords as a precautionary measure. However, it remains unclear how many accounts have been compromised and how many customers have been affected.

One customer who took to Instagram said she'd finally logged into her account only to find six orders had been placed without her knowledge. Others used social messages to criticise the retailer for its customer service and lack of response after their accounts were hacked.

It is unclear how many accounts have been compromised and how many customers have been affected, or how many fraudulent transactions have occurred. According to the ABC reporter, a customer of The Iconic, they first became aware of a potential issue in November and had been unable to access their account, but had not experienced any fraudulent transactions being made.

In an email to one customer from an Iconic customer service representative, quoted in the ABC report, it stated: "Unauthorised access to your customer account at The Iconic may have occurred where the customer login credentials (email username and password combination) you had used to create your iconic customer accounts was identical to your login credentials... that you used on another website (and was exposed as a result of a third party data breach on that other website)."

Off the back of growing complaints, The Iconic sent out an email-based communication this week advising customers to change their passwords, noting scam activity and online fraud is on the rise in A/NZ across all industries. In a response to one customer querying the email, The Iconic confirmed these emails were genuine communications from the retailer sent as a precaution, but did not mean that specific customer had been hacked.

"We want to remind you of the importance of account security and encourage you to strengthen your Iconic account by regularly changing your password," the email read. This was followed by step-by-step instructions on changing a password on the online retailer's site.

However, several customers on Facebook said they'd been unable to login the website to do so, and instead had been served up Web error gateways, had been locked out of accounts, or found the instructions too unclear to follow successfully. In response to a number of these comments, The Iconic urged customers to contact its customer service department or message the team directly via social for further follow-up.

Search Mi3 Articles