Skip to main content
close search
site logo
Dive Brief

Warby Parker hit by cybersecurity attack

Published Jan. 2, 2019
By
Contributor
Warby Parker

Dive Brief:

  • Warby Parker in recent months has been targeted by credential stuffing attacks — incidents in which stolen customer usernames and passwords were used in attempts to access customer accounts, according to a press release sent to Retail Dive. 

  • The eyeglasses retailer said that about 198,000 of its customer accounts were targeted between late September and late November, when evidence of the attacks was discovered and Warby Parker alerted law enforcement. The retailer stated that unauthorized parties obtained the usernames and passwords from unrelated breaches at other companies. 

  • The company contacted customers that may have been impacted and required them to change their passwords. Warby Parker stated that there is no indication that the attacks were successful in allowing unauthorized access to payment card information.

Dive Insight:

As retail security attacks go, the estimated number of people that may have been impacted is relatively low compared to other attacks (last year's Shein data breach affected 6.4 million accounts, for example). There doesn't appear to be any proof that the attack was successful, despite occurring over a period of two months.

The credentials that were used in the attempted attacks on Warby Parker are believed to have been stolen in separate, previous attacks on other companies. This is an example of how a successful data breach affecting one company and its customers can have a ripple effect across other companies and industries — especially if customers fail to change their username and passwords on accounts they hold with other businesses.

In fact, password reuse is a widespread problem. A study commissioned last year by identity theft intelligence firm 4iQ found that almost half of surveyed consumers admitted to reusing account passwords across multiple websites.

The threat of data breaches is already a problem in retail, one that retailers seem to have few ideas about how to fight effectively. More companies have started to pursue greater protection measures, but the lack of urgency with which their own customers may try to protect themselves, including failing to use different passwords on different accounts, can make data breaches an even tougher problem to fight.

In light of the breach, Warby Parker announced a continuation of investing in tech designed to protect security and privacy. 

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
Muenster Milling Company Announces Ryan James as Chief Revenue Officer
From Muenster Milling Company
November 20, 2024
Frank Mayer and Associates, Inc. Nominated for Prestigious 2025 Vendors in Partnership Award
From Frank Mayer and Associates
November 20, 2024
New Brand Benchmark™ reports from VideoMining aim to fill missing link in CPG brand insights
From VideoMining
November 14, 2024
New Interface Report Reveals Top Security Risks for U.S. Retail Chains
From Interface Systems
November 19, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell