Sam’s Club has started sending automated password reset emails and security notifications to customers who were hacked in credential stuffing attacks. Credential stuffing attacks involve the attackers trying previously leaked username-password combinations against another website in an automated fashion, in an attempt to find accounts that share the same credentials. The company has reset passwords for these accounts and is taking additional measures to protect the accounts from fraudulent activity. It is not clear how it became possible to gain unauthorized access to Sam’s club member accounts.
Source: https://www.bleepingcomputer.com/news/security/sams-club-customer-accounts-hacked-in-credential-stuffing-attacks/