The attackers were able to have access to the names, first names, dates of birth and contact details of 20,000 customers, as well as their IBAN if it was provided.
The wave of data thefts continues. Attackers were able to access the data of 20,000 customers of Kiabi's second-hand site, including their IBAN, the ready-to-wear brand told AFP on Tuesday. “On January 7, the second hand by Kiabi site teams detected a cyberattack by credential stuffing”related Kiabi. “This particular type of attack uses credentials from data leaks from other websites to attempt to gain access to targeted customer accounts.” The attackers were able to have access to the names, first names, dates of birth, contact details of 20,000 customers, as well as their IBAN if it was provided.
Kiabi wanted to clarify that the RIB, which contains additional information compared to the IBAN such as the account number, was not revealed to the attackers. After observing the attack, “an IBAN masking feature has been added to prevent any recovery of this data”Kiabi said. Passwords have also been reset. As required by law, the targeted customers were informed of the attack by Kiabi. The Kiabi.com site was not affected by this cyberattack, the brand said. Only the second-hand site was. It allows you to buy second-hand clothes and resell your own, which explains why some customers have entered their IBAN.
