It is no surprise that stolen data is a valuable resource. Through buying account details or extracting them from hacked databases, attackers perform what is called credential stuffing attacks. Due to these attacks, about 90% of login attempts performed towards online retailers are now malicious, with losses near $ 6 billion as a direct result.
The chair data means big business
Personal data equals big business for hackers: Information such as credit card details, address or login credentials could be for sale online as we speak. The laugh has lead to online retailers being hit tremendously hard as hackers attempt to login to different pages in order to grab valuable products. Therefore, it can lead to massive profits for the attacks.
Brute-force login attacks, dubbed credential stuffing, are the reason for more than 90% of e-commerce pages login attempts being malicious. Similarly, airline and consumer banking report 60% of login attempts as malicious, a report by cyber security firm Shape Security reveals.
Credential stuffing explained
A credential stuffing attack is simple in nature: First, an attack purchases a large list of accounts or retrieves from a hacked database. Afterwards, through an automated script, the username and password combination is tested on a multitude of different webpages and services.
The hacker looks for more valuable information or services to access an account. These include frequent flier miles, cash through banking accounts or simply different merchandise.
Credential stuffing attacks are successful around 3% of the time reported by Shape Security. While the percentages are massive losses: A $ XNUM billion a year has been lost by the e-commerce sector while the consumer banking industry is losing $ 6 billion year.
How do you protect yourself?
How do you protect yourself as a user? The main method of prevention is to use re-use passwords between different platforms and services. A password manager could prove useful if you don't have to remember your unique passwords.