There was a security incident in mid-January at the online mail-order pharmacy DocMorris, which is headquartered in the Netherlands. During the attack, unknown perpetrators changed the addresses on customer accounts and ordered medicines in the customers' names. According to DocMorris, about 20,000 accounts were affected.
In some cases there were "orders to changed delivery addresses". As a precaution, DocMorris blocked the affected accounts and informed the customers by letter and e-mail. The responsible data protection authorities in Berlin and the Netherlands have already been notified, as the Berlin data protection authority told heise online.
Doubts about brute force attack
DocMorris explains the blocking and the incident to customers as a consequence of insecure and reused passwords:
Our web shop was the target of a so-called credential stuffing attack. This digital attack used computer programs to randomly attempt to log into DocMorris customer accounts using credentials stolen elsewhere. The attackers take advantage of the fact that access data for online services is unfortunately often used more than once by users. This was obviously also the case with your customer account (…)
Information from DocMorris about new access data
(Image: anonymous source)
However, heise online has received indications that people who used unique, non-reused passwords stored in a password manager for their customer accounts were also affected. In those cases it seems unlikely that the passwords were already known from other breaches. Affected customers also vented their anger at the online pharmacy's explanation on Twitter. Further replies from DocMorris are pending.
Recent switch to prepayment
In connection with the cases of fraud, DocMorris restricted its payment methods to prepayment a few days ago. Previously, customers could also buy products on account, as reported by Apotheke Adhoc. Recently, however, neither of these methods has been offered. "In order to protect our customers and ourselves, we are currently offering more payment methods that are less frequently associated with fraud. In addition to the currently restricted payment by invoice and direct debit, we offer our customers many other payment methods for their orders (Paypal, credit card, Paydirekt, Barzahlen/Viacash, Klarna with immediate transfer)", explained a DocMorris spokesman.
Increased attacks with credential stuffing
Successful brute-force attacks in which cybercriminals try out stolen access data have become more frequent in the recent past. 35,000 Paypal customers were recently affected by such an attack. Countless NortonLifeLock customers have also suffered unauthorized access to their accounts due to cracked access data. Anyone who wants to check whether an e-mail address has already appeared in a published breach can look it up on Have I Been Pwned, for example.
(mack)