PetSmart customers warned to reset passwords after credential-stuffing attack

An ongoing credential-stuffing attack targeting pet owner accounts at PetSmart has forced the company to take immediate action, revoking the passwords of an undisclosed number of customers.

The pet superstore giant has sent email notifications advising customers to reset passwords to prevent criminals from compromising their accounts and accessing personal data. The company emphasized that neither petsmart.com nor any other managed system was compromised.

“Our security tools saw an increase in password guessing attacks on perstmart.com, and during this time your account was logged into,” the email reads.

“While the log in may have been valid, we wanted you to know. In an abundance of caution to protect you and your account, we have inactivated your password on petsmart.com. The next time you visit petsmart.com, simply click the ‘forgot password’ link to reset your password.”

Data breaches and password recycling fuel credential-stuffing attacks that enable cybercriminals to take over accounts, steal data, and conduct fraud.

To defend against these risks, it’s crucial for internet users to adopt healthy digital habits, including:

• Use strong and unique passwords for every individual account
• Never reuse or recycle passwords
• Never share passwords with individuals you meet online or via unsolicited correspondence
• Keep passwords secret and safe
• Enable two-factor authentication whenever possible
• Stay on top of data breaches to immediately act and protect your identity and data

Passwords are crucial to protecting personal information and money.

Enhance your online privacy and protect YOUR IMPORTANT with our trustworthy password manager to automatically create and maintain the best password practices, and help monitor all the login credentials for all your services.

Create strong and unique passwords and manage your entire digital life by pairing our feature-rich password manager with a dedicated digital identity protection service. Stay on top of data breaches with real-time 24/7 data breach monitoring and the industry’s first Identity Protection Score that helps you fully understand how old or new data breaches can impact your security and overall wellbeing.