cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Guzman y Gomez, Dan Murphy’s customers affected in credential stuffing campaign

The details of thousands of Australians have been compromised in a campaign targeting a number of major Australian retailers, resulting in fraudulent purchases.

user icon Daniel Croft
Wed, 17 Jan 2024
Guzman y Gomez, Dan Murphy’s customers affected in credential stuffing campaign
expand image

Over 15,000 customers of Australian retailers and service providers, including alcohol vendor Dan Murphy’s, Mexican restaurant chain Guzman y Gomez, Event Cinemas, streaming service Binge, and home shopping network TVSN, were affected.

Customer accounts of these companies were compromised through a credential stuffing campaign, an attack that works through trial and error, with a threat actor automatically entering known usernames and passwords into website login forms in the hope that users have reused details across multiple services.

According to media reports, the threat actors behind what is believed to be a targeted attack purchased stolen login details from overseas sources.


Many of the successfully accessed accounts contained saved credit card information or had gift cards on them, resulting in fraudulent transactions.

According to reports from The Sydney Morning Herald, some of the threat actors shared receipts and tales of their illegal activity, with one cyber criminal claiming to have spent over $800 on high-end alcohol at Dan Murphy’s through the hack.

Others said they purchased iPhones and clothing.

The affected retailers have responded to the news of the credential stuffing campaign, with Dan Murphy’s confirming that the threat actors had affected the accounts of a small number of customers.

“These were obtained through unrelated third-party breaches and not due to our internal systems being compromised,” a spokesman said, according to The Daily Mail.

“Our team took immediate action and has been working with affected customers.”

Guzman y Gomez also responded that the company does not save customer credit card information and that it “uses advanced monitoring for such attacks and proactively takes action to defend against cyber criminals to protect our guests, including notifying users of suspicious activity”.

Binge has been contacted by Cyber Daily for comment on how the incident has affected its customers.

Update 17/01/2022: Binge has responded to Cyber Daily with a statement saying that its customer's credit card information is not at risk of compromise from the credential stuffing campaign.

"BINGE customers remain unaffected by credit card scams including the one reported by Kasada and no credit card details have been compromised," said a company spokesperson speaking with Cyber Daily.

"Credit card details are managed off-platform as part of the comprehensive cyber security systems we have in place. Our customer accounts are monitored 24/7 for cyber activity that may compromise accounts and we have advanced systems in place to block, re-set customer accounts, and notify affected customers, ensuring minimal risk.”

The recent credential stuffing campaign closely follows a similar incident affecting customers of online fashion retailer The Iconic.

“We have recently seen an increase in fraudulent account login attempts on The Iconic, which our security and fraud teams continue to actively manage, in conjunction with our security partners,” said the retailer in a widely reported statement on 9 January.

Some customers said they had lost as much as $1,000 or more as a result of the credential stuffing attacks.

Despite it not being the retailer’s fault, The Iconic said it would offer refunds to customers affected by the breach.

“We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic,” the statement read.

“The security of our customer data is of the utmost importance to us, and we continue to work with our third-party security partners to protect against all fraudulent activity.”

The retailer also recommended that customers change their passwords and is prompting its users to do so via email.

“We encourage all Iconic customers to be vigilant when it comes to proactively managing their account security by regularly changing their passwords,” the company’s statement said.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.