Did you hear it was Amazon Prime Day not long ago? If you didn’t, it really caused some people to be frustrated. In fact, many comments were posted on Amazon’s Facebook page about hurried consumers who couldn’t purchase their coveted prizes during this time because the website was slow, crashed, or just did something to prevent them. Well, according to a report from the security firm Shape Security, hackers may have helped cause the problems.
Ok, the report (2018 Credential Spill Report) by Shape Security didn’t explicitly blame hackers for that, but they did find that 90% of all login attempts at online shops are by cybercriminals.
Some key findings from the research:
- More than 2.3 billion, yes with a “b” usernames and passwords were “spilled” from 51 organizations last year.
- The banking industry in the U.S. loses nearly $50 million per day from credential stuffing attacks.
- It takes some time to discover credential spills; An average of 15 months in fact.
What is a credential spill? Well, Shape defines it in the report as “an incident in which a set of usernames and passwords from an organization become compromised.” Hackers use these username and password combinations to attack all kinds of sites, knowing that many users re-use these credentials across multiple websites; even between online shopping and their financial accounts. That’s really a big no-no. Hackers will take these combinations and do a process called “credential stuffing.” They test them on every website they can think of until they succeed. This happens more often than you’d think and far more often than it should.
That’s why security professionals keep going on and on about having unique credentials for every website. It truly is important.
Frequent flyer and award systems are also targeted for this. Hilton loyal customers experienced this a few years ago. And Shape also claimed some hackers will use grocery login credentials to order expensive cheese on the user's dime and resell it to restaurants.
So, follow good login credential practices. Create unique and strong passwords for every site and you can keep the hackers’ grubby fingers off your high-priced cheese.
For additional articles on fraud prevention and more, visit the Logix Security Center.