Welcome to the Logix SmartLab

Credential Stuffing Key Reason To Have Unique Passwords For Every Account

Posted by Sherlogix Holmes on 8/29/2019

Robix Office Lock

Did you hear it was Amazon Prime Day not long ago? If you didn’t, it really caused some people to be frustrated. In fact, many comments were posted on Amazon’s Facebook page about hurried consumers who couldn’t purchase their coveted prizes during this time because the website was slow, crashed, or just did something to prevent them. Well, according to a report from the security firm Shape Security, hackers may have helped cause the problems.

1535388325

1535387934

Ok, the report (2018 Credential Spill Report) by Shape Security didn’t explicitly blame hackers for that, but they did find that 90% of all login attempts at online shops are by cybercriminals.

Some key findings from the research:

  • More than 2.3 billion, yes with a “b” usernames and passwords were “spilled” from 51 organizations last year.
  • The banking industry in the U.S. loses nearly $50 million per day from credential stuffing attacks.
  • It takes some time to discover credential spills; An average of 15 months in fact.

What is a credential spill? Well, Shape defines it in the report as “an incident in which a set of usernames and passwords from an organization become compromised.” Hackers use these username and password combinations to attack all kinds of sites, knowing that many users re-use these credentials across multiple websites; even between online shopping and their financial accounts. That’s really a big no-no. Hackers will take these combinations and do a process called “credential stuffing.” They test them on every website they can think of until they succeed. This happens more often than you’d think and far more often than it should.

That’s why security professionals keep going on and on about having unique credentials for every website. It truly is important.

Frequent flyer and award systems are also targeted for this. Hilton loyal customers experienced this a few years ago. And Shape also claimed some hackers will use grocery login credentials to order expensive cheese on the user's dime and resell it to restaurants.

So, follow good login credential practices. Create unique and strong passwords for every site and you can keep the hackers’ grubby fingers off your high-priced cheese.

1516037899

For additional articles on fraud prevention and more, visit the Logix Security Center.

© Copyright 2019 Stickley on Security
____________________________
 
Logix is proud to partner with Stickley on Security to help ensure our staff and members are well informed about current fraud avoidance best practices. The content above was provided by Stickley on Security and may not always represent the views of Logix.

 

Topics: Fraud & Identity Theft

Meet the blogger

Sherlogix Holmes

Sherlogix Holmes

All things fraud news and fraud prevention tips presented by Logix Fraud Risk Management. We know the importance of staying apprised of fraud trends and want to share our knowledge so you, too, can combat fraud and spread the word to family and friends.

Hi there! Come on in.

Feel free to peruse about. Here you’ll find stories, posts and tools aimed to assist you as you’re faced with daily to once-in-a-lifetime financial quandaries. This is your SmartLab (lab coat optional). We want you to get the most from our articles, and we welcome your ideas to help us continue to bring valuable content to you. Check out the comment section at the bottom of every post for easy ways to share feedback. We’re learning, too, and what better way to encourage smarter banking than to share tips and resources with each other? Not to mention, it’s a great chance for us to get to know each other!

Subscribe to Email Updates

Recent Posts