
The Iconic promises refunds following credential stuffing hacks

Popular online fashion retailer The Iconic will refund customers following a rise in fraudulent purchases.

David Hollingworth
Wed, 10 Jan 2024

The Iconic has said it will offer refunds to customers caught out in a spate of recent credential stuffing attacks.

“We have recently seen an increase in fraudulent account login attempts on The Iconic, which our security and fraud teams continue to actively manage, in conjunction with our security partners,” the retailer said in a widely reported statement on 9 January.

A number of customers made complaints on the company’s Facebook page, with some claiming to be out of pocket to the tune of more than $1,000.


The Iconic is offering refunds even though it was not the company itself that was hacked.

“We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic,” the statement read.

“The security of our customer data is of the utmost importance to us, and we continue to work with our third-party security partners to protect against all fraudulent activity.”

What is credential stuffing?

Credential stuffing is a form of cyber attack where threat actors use automated tools to repeatedly try stolen username and password combinations across various online platforms.

The hackers exploit the common practice of users reusing passwords on multiple sites, trying credentials that have been compromised and published online following previous attacks and data breaches.

To defend against credential stuffing, users are advised to use unique passwords for each account and enable two-factor authentication to add an extra layer of security. Organisations should also implement measures such as account lockouts alongside monitoring for unusual login patterns to mitigate the risks associated with credential stuffing attacks.

Many millions of Australian credentials were compromised in the last two years, making the country a rich target for scammers and cyber criminals.

In this case, The Iconic is actively encouraging its customers to change their passwords.

“We encourage all Iconic customers to be vigilant when it comes to proactively managing their account security by regularly changing their passwords,” the company’s statement said.

The Iconic is also contacting customers via email to prompt them to make a password change.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
