Macy’s is notifying some of its customers that their store accounts may have been accessed by ‘bad actors’ who stole their usernames and passwords. According to Macy’s spokesperson Radina Russell, the accounts were accessed after passwords and usernames from other accounts were either stolen or purchased by the bad actors.
The explanation from Macy’s is that affected customers were using the same username and password for their Macy’s account that they use for other accounts such as for email or social media. When the login information from those accounts were taken, the bad actors tried using them at Macy’s.
Those that were successful could access anything that Macy’s account contained such as name, email address, credit card numbers, and phone numbers. Macy’s does not keep a record of customer’s social security numbers nor the CVV number listed on the back of credit cards.
Russell told me it affects a small number of Macy’s customers, “less than 1/2 of 1%” she said.
This is a reminder of the importance to use different passwords for critical accounts such as bank and credit cards, email, social media and any other account that stores personal information that can be used to identify.