Connect with us

Hi, what are you looking for?

Cyber Security

US supermarket chain Wegmans suffers data breach due to ‘misconfigured’ databases

US supermarket chain Wegmans Food Markets has announced it has suffered a data breach after two databases were accessible online due to a “misconfiguration”.

The company, which is headquartered in New York, said that customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, email addresses, and passwords for Wegmans.com accounts were included in these databases.

The account passwords were hashed and salted, said Wegmans, and social security numbers and financial information was not accessed.

Wegmans said the misconfiguration issue, which was reported to them by a security researcher, began “on or about April 19, 2021” and has now been rectified.

A press release reads: “Wegmans worked diligently with a leading forensics firm to investigate and determine the incident’s scope, identify the information in the two databases, ensure the integrity and security of the systems, and correct the issue.

“Wegmans also notified any customers who may have been affected by this issue.”

It is not yet clear how many people were impacted. The Daily Swig has reached out to Wegmans for further comment.

Credential stuffing attack

The incident comes just months after Wegmans customer accounts were potentially breached following a suspected credential stuffing attack.

security advisory sent to customers in February this year revealed that information including names, phone numbers, addresses, dates of birth, and Wegmans Shoppers Club numbers may have been accessed.

Source: https://portswigger.net/daily-swig/us-supermarket-chain-wegmans-suffers-data-breach-due-to-misconfigured-databases

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain...

Cyber Security

Mondelez Global LLC, the parent company of Oreo cookies and other major food products have released a notice stating that Oreo cookie maker Hacked,...

Cyber Security

airBaltic, Latvia’s flag carrier has acknowledged that a ‘technical error’ exposed reservation details of some of its passengers to other airBaltic passengers. Passengers also reported...

Cyber Security

A researcher has disclosed how he was able to access the personal identifiable information (PII) of potentially 185 million Indian citizens – and create...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO