Did you know that there was over $500 million dollars of consumer loss for data breaches in 2023? (According to the 2023 IC3 annual report.)
One way cybercriminals can gain access to accounts during a data breach is by using credential stuffing attacks. Credential stuffing or stealing attacks use stolen usernames and passwords to attempt to take over a user’s account. This process is repeated over and over while cybercriminals try to find a successful match in order to takeover an account.
Process of a credential stuffing attack
Red flags
- Watch for any type of suspicious login activity
- Notice any unusual account lockouts
- Receive multiple authentication attempts to approve a device when you are not trying to access the account
How to minimize risk
- Never reuse the same password
- Use multi-factor authentication
- Use a password manager
Potential business implications
- Financial loss
- Organization's reputation damage
Credential Stuffing Attacks in the News
Reporting Crimes
Report all crimes to your local police department and to the following agencies:
How LaScala Can Help
Contact us today at sales@lascala.com and get started on proactive threat hunting, security awareness training, and more security protection.
Sources
1 - Internet Crime Complaint Center (IC3): https://www.ic3.gov/
2 - Fortinet: https://www.fortinet.com/resources/cyberglossary/credential-stuffing
3 - Proofpoint: https://www.proofpoint.com/us/threat-reference/credential-stuffing
Disclaimer
Please respect all trademarks mentioned in this document as their respective owners.
