Victoria’s Secret is set to become the latest victim of a cyber attack ahead of the busy Christmas season, security experts have warned.
Researchers at Israeli firm CyberInt found that cybercriminals are planning to offer tools to hack the lingerie brand and its customers, reports The Telegraph.
Hackers are also selling customers’ accounts online, indicating a potential security breach, although it could not verify the accounts were real.
Customer accounts were found to be up for sale in rubles, suggesting they had been obtained by Russian online criminals that are now looking to sell them.
Fake smartphone apps masquerading as the official Victoria’s Secret app were found on the dark web, along with a list of vulnerabilities on its website.
If someone downloaded the app, it would grant total access – including pictures, documents, browsing habits and potentially banking details, to fraudsters.
CyberInt has advised Victoria’s Secret to contact owners of the accounts so they can change their password. It also urged its lawyers to threaten fake app developers with legal notices over copyright.
According to the BRC Annual Retail Crime Survey 2016, an estimated 53% of reported fraud in the retail industry is cyber-enabled, which represents a total direct cost of around £100 million.