Skip to Content
Cybercriminals stealing prescription meds
© Maciek905 |
Security & privacy

Criminals are hacking pharmacy accounts to steal THIS drug

When you need medication, you must go to a doctor, get a prescription and collect the medicine from a pharmacy. It’s a regulated industry, and for the most part, healthcare workers must follow strict guidelines. Picking up medications for a parent or kid? Tap or click for a free tool to save money.

As you know, some medications are highly sought after by those without a prescription. Cybercriminals have found a devious way to get those drugs by targeting your online pharmaceutical accounts.

Keep reading to find out how they pull it off and ways to protect your accounts.

Here’s the backstory

Criminals no longer need to steal a doctor’s prescription pad or forge signatures to get their hands on controlled substances. Instead, they are turning to technology.

Cybersecurity company Kasada recently discovered cybercriminals using the technique known as credential stuffing to take over pharmaceutical accounts. This helps them steal prescription meds.

So, what is credential stuffing? It’s when cybercriminals use stolen account credentials, typically from massive data breaches, and use them with automated account cracking tools to break into other online accounts.

They have been using this technique on pharmacy websites recently, hoping to take over unsuspecting victims’ accounts to steal prescription meds. Once an account is taken over, hackers have access to active prescriptions. They can change the account’s shipping address to have meds sent to them, or they can sell the information on the black market.

“This activity is both illegal and dangerous. It puts medications in the hands of people who don’t have a prescription from a doctor and enables substance abuse. It also takes prescribed medications away from the people who need them legitimately,” Kasada explains in a blog post.

Some of the most sought-after drugs are Adderall and Oxycodone, both highly addictive. Kasada notes a five-times increase in stolen accounts in the past 60 days. And no one is safe as criminals target customers of the top 10 U.S. pharmacies.

What you can do about it

As we mentioned, criminals mainly pull off these prescription heists using stolen credentials from data breaches. They can buy stolen credentials cheaply on the Dark Web.

So the best way to avoid having your pharmaceutical account taken over is to never use the same account credentials on multiple sites. Also, it would help to know if you’ve ever been part of a data breach. The site HaveIBeenPwned will help you find out. Tap or click here for instructions on using HaveIBeenPwned.

There are some other things you can do to stay protected. Here are a few suggestions:

  • Use unique, strong passwords for every online account. If you use the same password for multiple accounts and one is breached, criminals will use the stolen credentials to access your other accounts.
  • Change your passwords often, at least once every two months. And make them as solid and secure as possible. Tap or click for help creating better passwords.
  • Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts. Tap or click here to learn the benefits of 2FA.
  • Always have a trusted antivirus program updated and running on all your devices. This helps keep hackers from stealing your credentials. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Check your cabinet! 63 medications recalled for possible contamination

Get your prescriptions by mail? Your medication could be at risk

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started