Credential stuffing attacks reported by PetSmart

Major U.S. pet-oriented superstore chain PetSmart had its customers' online accounts subjected to credential stuffing attacks, which have prompted the company to implement a password reset for all accounts logged in during the intrusions, BleepingComputer reports.

Despite a spike in password guessing attacks against PetSmart's website, there has been no evidence suggesting the compromise of the company's website and servers, according to PetSmart. "In an abundance of caution to protect you and your account, we have inactivated your password petsmart.com. The next time you visit petsmart.com, simply click the "forgot password" link to reset your password," said PetSmart in an email alert sent to customers initially discovered by DarkWebInformer. Such an incident comes amid the growing prevalence of credential stuffing attacks during the past few years, with fast food chain Chick-fil-A, sports betting sites FanDuel and DraftKings, financial tech firm PayPal, telecommunications company Comcast Xfinity, and audio streaming app Spotify among the most notable victims.