How hackers ‘tricked’ IT department of one of the biggest UK retailers to disable its entire online operations

Last month, a group of cybercriminals brought the online operations of Marks & Spencer to a halt by reportedly exploiting a basic human vulnerability. Posing as legitimate employees, the hackers called up the IT help desks of one of the UK’s largest retailers and convinced its staff to reset passwords for the accounts they had impersonated, a report claims. With those credentials in hand, they infiltrated the company network and disabled its website and app ordering systems. Two weeks after the incident, customers remain unable to place clothing and home orders online, while M&S claims to be working “day and night” to restore services. However, the retailer has not provided a timeline for resuming online orders, noted that some food products remain unavailable, and has yet to disclose the financial impact of the disruption.