01 Jul What is Credential Stuffing
Credential stuffing is a strategy in which hackers collect a set of usernames and passwords from a corporate breach and then try to stuff those usernames and passwords into several other digital media platforms. Hackers exploit the fact that most users have the same passwords for several platforms and sites. Billions of credentials have been stolen in recent years.
Many users don’t change their passwords, even after a data breach. Cybercriminals use credential stuffing for almost anything: spamming, phishing, and account takeovers.
How Big is the Problem
HaveIBeenPwned is the largest free data breach notification service. The website has tracked over 8.5 billion compromised user accounts and credentials from over 410 different data breaches.
Akamai, one of the leading content delivery networks, observed a massive 61 billion credential stuffing attacks in just 18 months between January 2018 and June 2019. Akamai explained that cybercriminals have crafted several applications that streamline and automate credential stuffing, making it possible even for low-skill cybercriminals to launch attacks.
The best way for users to stay safe is by using unique passwords on each account. This may seem extreme and complex, but it is the best way to safeguard your information from credential stuffing.
Businesses need to adopt a strong security process to avoid data breaches. A company needs to enforce a policy under which its users choose unique passwords and change them on a timely basis. Companies can also provide added login security mechanisms such as captchas, two-factor or multifactor authentication, and password encryption. They can also use security methods such as device fingerprinting, IP blacklisting, and blocking headless browsers. Companies need to deploy strong web application firewall systems, and even a minor increase in the login failure rate must be thoroughly examined to prevent such attacks.
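
The login-failure-rate check described above, as an added example that is not part of the original article: it buckets login events into 5-minute windows, flags windows whose failure rate rises above a baseline, and lists source IPs that fail against many distinct usernames. The log format, the 10% baseline, the thresholds, and every address and username in the sample are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
WINDOW = timedelta(minutes=5)  # assumed bucket size

def build_sample_log():
    """Constructed sample lines 'timestamp ip username result' (not real traffic)."""
    t0 = datetime(2024, 1, 1, 12, 0)
    lines = []
    for w in (0, 1):  # two windows of ordinary traffic: 1 failure in 10 logins
        for i in range(10):
            ts = t0 + w * WINDOW + timedelta(seconds=20 * i)
            lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} user{i} {'FAIL' if i == 0 else 'OK'}")
    for i in range(8):  # second window only: one source fails on 8 distinct usernames
        ts = t0 + WINDOW + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} 203.0.113.7 victim{i} FAIL")
    return lines

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "FAIL"

def failure_rates(events, start):
    """Login failure rate per fixed window, keyed by window index from `start`."""
    total, failed = defaultdict(int), defaultdict(int)
    for ts, _ip, _user, is_fail in events:
        idx = (ts - start) // WINDOW
        total[idx] += 1
        failed[idx] += is_fail
    return {i: failed[i] / total[i] for i in sorted(total)}

def windows_to_review(rates, baseline, margin=0.05):
    """Windows whose failure rate exceeds the baseline by more than `margin`."""
    return [i for i, r in rates.items() if r - baseline > margin]

def suspect_sources(events, min_users=5):
    """Source IPs with failed logins against at least `min_users` distinct usernames."""
    users = defaultdict(set)
    for _ts, ip, user, is_fail in events:
        if is_fail:
            users[ip].add(user)
    return {ip: len(u) for ip, u in users.items() if len(u) >= min_users}

def analyze(lines, baseline=0.10):
    events = [parse(line) for line in lines]
    start = min(e[0] for e in events)
    rates = failure_rates(events, start)
    return rates, windows_to_review(rates, baseline), suspect_sources(events)

if __name__ == "__main__": print(analyze(build_sample_log()))
```

A single failure from an ordinary address stays below both thresholds; only the source that fails across many different usernames is listed for review.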