‘Irresponsible’: The Iconic slammed for security lapse which saw customer robbed of $700
A major online retailer has been slammed online for an apparent lack of security measures, causing customers to lose their hard-earned cash.
Online shopping giant The Iconic has been slammed after a customer lost hundreds of dollars when their account was seemingly hacked.
The Reddit poster shared his experience with the company claiming there had been a “critical lapse in account safety measures” - meaning his wife lost $700.
“Recently, my wife’s account was fraudulently accessed. Without any notification, warning, or confirmation, the email address associated with her account was changed,” the author of the post claimed.
“No steps were taken to verify this change, leaving her account completely compromised.”
“The intruder went on to purchase a $700 watch using the credit card linked to the account.”
He went on to claim The Iconic had “literally zero measures to guard, verify or even notify you of account changes.”
news.com.au set up an account with The Iconic to test these claims.
While resetting a password prompts an email with a link to confirm the change, removing or altering the email associated with the account does not prompt any form of confirmation for the customer.
In this customer’s situation, changing the email address meant they did not receive any emails with receipts from the $700 watch purchase the hacker made.
For many companies, when crucial security information is accessed or changed, the owner of the online account can expect an email or a text message confirming the “suspicious” activity.
Such emails allow people to confirm the change, or to deny it if it was an attempt to hack into the account.
Quite commonly, multi-factor authentication security measures are also in place, requiring two or more proofs of identity to grant you access to the account.
“The absence of these fundamental security features not only goes against customer expectations but also undermines the trust and reliability of a service that many use daily,” the author of the post wrote.
“Implementing these should be a basic standard, not an afterthought. It is inexcusable to not have these basic account security features in place.”
They also mentioned they have tried to get The Iconic’s attention, but have not received any response: “Contacting them is laughably convoluted and slow.”
The Iconic is Australia’s largest online retailer and has quickly become one of Aussies’ favourite shopping destinations thanks to its speedy shipping, generous return policy and — of course — fantastic sales that run all year round.
It sells the products of more than 1500 different clothing brands, many of them local Australian retailers.
The Reddit post resonated with many people, as they took to comments to further call out the brand.
“Multi Factor Auth is a must. I wouldn’t be trusting my credit card details with a site that didn’t support it,” one person wrote.
“Yeah absolutely - unfortunately the Iconic has zero account safeguards. We’ve taken steps to remove all CC (credit card) details from similar vendors and just rely on PayPal or ApplePay to prove an extra layer before a purchase can be made,” agreed another.
A third person wrote: “That sucks, I didn’t realise there was no security. They should add a minimum question new device sign ins and definitely notify of account changes.”
The post prompted many people to reconsider their accounts with The Iconic, with several opting to delete their payment information saved with the brand.
A spokesperson for The Iconic said they have recently seen an increase in fraudulent activity and are urging customers to be vigilant when it comes to proactively managing their account security.
“We have recently seen an increase in fraudulent account login attempts on THE ICONIC, which our security and fraud teams continue to actively manage, in conjunction with our security partners,” the spokesperson said.
“We are working with all customers to address these incidents, which are not a result of a data breach at THE ICONIC,” they said.
“The security of our customer data is of the utmost importance to us and we continue to work with our third party security partners to protect against all fraudulent activity.”