5 Identity-Based Vulnerabilities Behind Recent Retail Breaches
July 8, 2025
SaaS Security / Cyber Threats
From excessive admin privileges to neglected vendor tokens, attackers are capitalizing on weaknesses in trust and access. This article explores five significant retail breaches and the insights they provide. Major retailers like Adidas, The North Face, Dior, Victoria’s Secret, Cartier, Marks & Spencer, and Co-op have all faced breaches recently. Unlike traditional malware or zero-day exploits, these incidents were driven by identity exploitation—tapping into overprivileged access and unmonitored service accounts, often augmented by social engineering tactics.
Rather than forcing their way in, attackers simply logged in, moving stealthily through SaaS applications using legitimate credentials. Although many retailers have withheld specific technical details, clear patterns are emerging. Here’s a closer look at five notable breaches in the retail industry:
- Adidas: Leveraging third-party trust…