1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Sam's Club" Hacked, Info Leaked Online

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Nov 16, 2016.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    Sam's Club resets passwords after thousands of logins posted online...

    Over 14,000 usernames and plain-text passwords for the retail giant's online store were posted online over the weekend.

    Wholesale retail giant Sam's Club has reset passwords for thousands of customers after their account details were posted online.

    In an email to members obtained by ZDNet, the Walmart-owned company said that it had begun resetting passwords after it found that "someone might be trying to take advantage" of customer accounts.

    It comes after over 14,600 email addresses and plain-text passwords associated with Sam's Club's online store were dumped on Pastebin, a text sharing site, on Saturday.

    The title of the password dump said that the accounts listed belonged to the retail giant. The company which has over 650 locations across the US and tens of millions of members.

    But the company denied that it had been hacked.

    "We've looked into this issue and there is no indication of a breach of our systems. It is most likely a result of one of the past breaches of other companies' systems.

    Because customers often use the same usernames and passwords on various sites, bad actors will typically test the credentials they obtain across many popular sites. Unfortunately this is an industry-wide issue," said Walmart spokesperson Dan Toporek in an email.

    http://www.zdnet.com/article/sams-club-resets-passwords-after-thousands-of-logins-posted-online/
     
  2. Joseph Lich

    Joseph Lich BANNED BANNED

    Joined:
    Nov 25, 2015
    Messages:
    402
    Likes Received:
    79
    They'd best deny have been penetrated.
     
  3. Heisenberg

    Heisenberg Jr. VIP Jr. VIP

    Joined:
    Sep 11, 2014
    Messages:
    720
    Likes Received:
    375
    Occupation:
    Freelancer
    Location:
    Croatia
    I got to go offtopic because im curious, even if what they are saying is true why would anyone and especially big companies save passwords without hashing them?
     
  4. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

    Joined:
    Dec 26, 2010
    Messages:
    1,296
    Likes Received:
    10,831
    Sam's Club = Wal Mart. Wal Mart can do whatever they want. They are by far the largest corporation in the world, both by revenue and employees.
     
  5. Eternal1912

    Eternal1912 Power Member

    Joined:
    Dec 6, 2014
    Messages:
    621
    Likes Received:
    246
    Gender:
    Male
    Occupation:
    Freelance Writer
    Location:
    Bulgaria
    So big? Aren't these passwords encrypted somehow?
     
  6. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    like sony pictures did with their passwords a year ago? most of these large companies are staffed by people who know or care very little about security.

    client privacy is someone else's problem.
     
  7. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,478
    Likes Received:
    3,108
    Gender:
    Male
    One possible reason would if they want to send the old password in email instead of resetting them. Nevertheless, that would be a bullshit logic.
     
  8. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

    Joined:
    Dec 26, 2010
    Messages:
    1,296
    Likes Received:
    10,831
  9. Eternal1912

    Eternal1912 Power Member

    Joined:
    Dec 6, 2014
    Messages:
    621
    Likes Received:
    246
    Gender:
    Male
    Occupation:
    Freelance Writer
    Location:
    Bulgaria
    Damn.
     
  10. hero76

    hero76 Power Member

    Joined:
    Oct 20, 2016
    Messages:
    597
    Likes Received:
    96
    Gender:
    Male
    not sure what someone could do with all these logins. sams club doesn't store payment information as far as i know. perhaps the world will know i buy too much toilet paper...
     
  11. elavmunretea

    elavmunretea Elite Member

    Joined:
    May 14, 2016
    Messages:
    1,723
    Likes Received:
    2,308
    Home Page:
    This is hardly news. Another popular forum has had a large userbase of people selling these accounts for years now. I think the going rate is around 30% of the accounts value.