The team at HMBradley reveals that they recently detected a cyberattack on their systems. In this type of attack, often referred to as a “credential stuffing attack”, the perpetrator attempts “to gain access to a customer’s account using login credentials illegally obtained from another source.”
HMBradley wrote in a blog post that this kind of cyberattack “relies on a customer’s tendency to reuse username and password combinations for multiple accounts (not just a customer’s HMBradley account).”
First and foremost, the company noted that they want “to assure you that [they] are working diligently to protect [their] customers’ accounts and have taken corrective actions to curb the attackers, however, there are also actions you can take to protect yourself against this kind of attack both now and in the future.”
The company recommends doing the following:
Update your HMBradley password
Even if you don’t suspect your account of being compromised, “it may be a good idea to update your password as an extra precaution — especially if you use the same password for multiple accounts.” HMBradley also noted that they “recommend using a password manager to create and store secure passwords or using proven methods for creating strong passwords.”
Enable Two-Factor Authentication
According to the company, two-factor authentication is “one of the best ways to add an extra layer of protection to your account and ensure that you are the only person who has access — even if someone knows your password.”
Monitor your account for transactions you did not authorize
The HMBradley team also mentioned:
“If you believe that there are transactions on your account that you did not authorize, let us know immediately by contacting us at https://hmb.to/support. Although we monitor account activity to detect suspicious activity and notify our customers, we also advise you to review your account statements and account activity regularly.”
Keep an eye on your identity online
HMBradley added:
“Unfortunately, these sorts of cyberattacks are increasingly common in the digital age. It is always a good idea to keep an eye on your online identity and monitor your accounts for any unauthorized activity. Sites like Have I Been Pwnd? provide a useful and free way to check if any of your personal information has been compromised.”
They also mentioned that if you are concerned that you may be a victim of identity theft, the Federal Trade Commission (FTC) has “an online resource to help victims report and recover from identity theft.” You can report to the FTC online “at IdentityTheft.gov or by phone at 1-877-438-4338.”
As always, the firm reminded clients that if they have any questions or concerns about their account, then they should contact the HMBradley team. The firm added that they “appreciate your understanding and will provide updates as [they] learn more about this incident.”