Walmart is faulting an “external bad actor” for a slew of phony accounts that generated emails using the company’s domain that addressed recipients with a racial epitaph.
Those behind the attack created new accounts for people whose emails were not previously identified by the company as belonging to Walmart customers, automatically sending a “Welcome to Walmart” email that replaced the receiver’s name with a racist smear. The company’s internal systems were not breached, and the retailer said it was able to stop more of the emails from being sent.
Walmart declined to state how many of the offensive emails were delivered.
“We discovered that an external bad actor created false Walmart accounts with obvious intent to offend our customers. We were shocked and appalled to see these offensive and unacceptable emails. We’re looking into our sign-up process to ensure something like this doesn’t happen again. We’re also looking into all available means to hold those responsible accountable,” a Walmart spokesperson said in an email to CBS MoneyWatch.
People took to social media to complain about the emails with racist language in place of their name from the address “firstname.lastname@example.org.”
“Woke up this morning to this email in my inbox,” wrote Twitter user @Mercede30438313 in a tweet that also showed a screenshot of the offensive email.
Such cyberattacks, known as “spoofing,” can cause problems for companies because people often do not realize they are not legitimate.