63 billion credential stuffing attacks hit retail, hospitality, travel industries
Security firm Akamai has published a report detailing criminal activity pertaining to a massive wave of credential stuffing attacks targeting the retail, travel, and hospitality industries. The campaign occurred between July of 2018 and June 2020. Akamai’s report includes examples of advertisements on the darknet demonstrating how cybercriminals gain financial compensation for the successful attacks and the subsequent data theft.
Credential stuffing has risen in popularity as a successful attack form among threat actors, according to Akamai, due to their nature in containing tons of personal and financial information. Retail and loyalty profiles are an attractive target to cybercriminals, as they can sell personal information to other criminals who will later use the data for further attacks such as phishing attempts. During the COVID-19 pandemic, criminals allegedly recirculated old credential lists in an effort to detect new vulnerable accounts. According to security researchers, more than 100 billion credential stuffing attacks were observed between July of 2018 and June 2020.