The aim of the hackers was apparently to place orders under someone else’s name. As part of a so-called credential stuffing attack, 0.2 percent of all accounts registered with DocMorris were accessed. The attack was not caused by a serious security gap on the part of the provider. Instead, the hackers took advantage of the fact that many customers are careless with their passwords.
Invoice and direct debit deactivated
Many users sign in to multiple services with the same password. Therefore, the hackers tried data sets obtained from past attacks to gain access to DocMorris accounts. The attackers have started changing the addresses on file and ordering medication using the saved payment methods. That is why DocMorris has temporarily deactivated payment methods such as invoice and direct debit. Customers can continue to pay with Paypal, credit card and instant transfer.
DocMorris reported the security incident to the responsible authorities. Affected customers were informed by email and post that their accounts had been blocked. The company has blocked all accounts for which a login process was carried out during the attack period. As a result, users who used a unique password may also have been blocked. With the help of a sent one-time password, it is possible to unlock the account again. In total, the data is said to have been stolen from around 20,000 users. It is unclear how much damage is caused by orders sent by the attackers.
See also:
