![Dan Murphy's is one of the brands targeted in the attack. Picture: File photo Dan Murphy's is one of the brands targeted in the attack. Picture: File photo](/images/transform/v1/crop/frm/228290379/09d023bc-3f74-4cef-b18f-d69a9d0688d8.jpg/r0_280_5472_3369_w1200_h678_fmax.jpg)
Major brands are scrambling to mitigate a major hack after thousands of online shoppers had their online log-in details stolen.
Subscribe now for unlimited access.
or signup to continue reading
Household names including Guzman Y Gomez, Dan Murphy's , TVSN Home Shopping Network and Event Cinemas have been caught out after roughly 15,000 people had their log in details, and in some cases, their credit card credentials stolen in a coordinated move.
Cyber criminals allegedly purchased the log in details from overseas before logging in to make online purchases through saved credit card details or gift cards on company websites, according to Australian cybersecurity company Kasada.
An Endeavour Group spokesperson said a "small number" of Dan Murphy's accounts were affected in the scam.
"A small number of user accounts were subject to fraudulent transactions as a result of email and passwords being obtained through unrelated third party breaches and not due to our internal systems being compromised," she said.
"Our team took immediate action and has been working with affected customers. Our investigations are ongoing, with a focus on the continued security of our systems and customer personal information within our environment."
Advice from the Australian Cyber Security Centre advised online shoppers set up strong passwords and enact multifactor identification in a bid to deter cyber crime.
Despite initial reports Binge customers had been impacted by the attack and a spokesperson said accounts remained unaffected.
"Credit card details are managed off-platform as part of the comprehensive cyber security systems we have in place," she said.
"Our customer accounts are monitored 24/7 for cyber activity that may compromise accounts and we have advanced systems in place to block, re-set customer accounts, and notify affected customers, ensuring minimal risk."
It comes days after Australian online retailer The Iconic made headlines when online login credentials were stolen and accounts accessed.
"When we became aware of this incident, we activated our incident response processes and commenced an investigation,' a statement to customers released in the aftermath of the incident read.
"As part of this investigation, we are working closely with expert cyber security partners to assess the impact of the incident."