Gap.com

In July 2021 the popular clothing retailer Gap experienced a credential stuffing attack through its official website. Threat actors used leaked credentials from other platforms to gain unauthorized access to Gap customer accounts. The breach exposed personal information and order history for a significant number of users. The company responded by resetting passwords for affected accounts and implementing additional security measures to prevent automated login attempts and protect customer data from further exploitation.