Showroomprivé, the French website specializing in online private sales, has just suffered a cyberattack. In an email sent to its customers, the site indicates that a "series of suspicious login attempts" affected certain accounts "between January 3 and 6, 2025".
As security researcher Clément Domingo points out, the brand actually suffered a so-called "credential stuffing" attack. This type of cyberattack consists of exploiting identifiers (usernames and passwords) stolen from a platform in order to try to access accounts on other online services. In this case, the hackers used data relating to other platforms to try to enter Showroomprivé accounts. This is why you should never recycle your passwords.
Massively exploited by hackers specializing in personal data theft, "credential stuffing" is at the origin of several flagship offensives in recent months, including the wave of attacks against Auchan, or Picard. They generally multiply when data leaks explode on the rise, which is the case in France.
A cyberattack repelled in extremis
Fortunately, the surveillance system set up by Showroomprivé immediately detected the connection attempts made by the cybercriminals. This system is designed to "identify suspicious behavior", the site reports in the email sent to its customers. The latter immediately alerted the brand "of these intrusion attempts, and we can confirm that no personal data has been compromised".
To protect Internet users, the French brand promptly decided to reset the passwords of the targeted accounts and force users to change their code. The next time they log in, the targeted Internet users will have to change their password.
Change your password
As a precaution, Showroomprivé recommends "strongly changing your passwords on all services where you use similar identifiers (emails, social networks, banking services, etc.)". If a hacker got hold of a pair of credentials used on multiple platforms, we can expect them to use them again in the near future.
Unsurprisingly, the firm complied with current French legislation by notifying the relevant authorities of an attempted data theft. Showroomprivé has indeed alerted the CNIL (Commission Nationale de l’Informatique et des Libertés), the authority responsible for ensuring the protection of personal data in France.
Showroomprivé joins the long list of French brands that have found themselves in the sights of hackers in recent months, alongside Cultura, Boulanger, LDLC, SFR and Free.
0 Comments