The popular online stores in Japan, UNIQLO Japan and GU Japan, recently revealed that it suffered a cyber-attack that affected more than 460,000 of its customers. Fast Retailing, the parent company behind the UNIQLO Japan and GU Japan online stores, stated the unknown hackers allegedly accessed its customers’ accounts from April 23, 2019, to May 10, 2019, following a credential stuffing attack.
According to Fast Retailing, the compromised information included, customer name, address, phone number, email address, gender, date of birth, purchase history, clothing measurements, and credit card information.
“It was confirmed on May 10, 2019, that an unauthorized login by a third party other than the customer occurred on the online store site operated by our company (UNIQLO official online store, gu official online store). Although the number of targets and the situation may change according to the progress of the future survey, we will report the facts confirmed at present and our response situation,” Fast Retailing said in a statement.
Citing the attack as a “list-type account hacking”, Fast Retailing stated this kind of attack is performed by using the user ID and password that may have leaked from other companies’ services. The company also notifying the customers to update their passwords to avoid further loss.
“This fraudulent login was performed from April 23 to May 10, 2019, by the method of “list-type account hacking (list-type attack)”, and the number of accounts logged-in illegally as of the present is 461,091 It will be. We deeply apologize to our customers and stakeholders for any inconvenience or concern. We will strive to further enhance security and ensure safety so that similar events do not occur,” the statement added.
Recently, the Japanese government announced that it will be hacking the IoT devices of its citizens. The new initiative is part of a unique survey the government will be undertaking with the intention of securing IoT devices of its citizens. The survey will be carried by the National Institute of Information and Communications Technology (NICT) with active involvement of the Ministry of Internal Affairs and Communications.
As part of the survey, employees of NICT will try to hack IoT devices of citizens using default passwords and password dictionaries. After this, they will prepare a list of insecure devices that uses default passwords or easy-to-guess passwords and will submit the list to relevant authorities, as well as internet service providers who will then alert the citizens and ask them to change passwords as well as secure their devices.
