Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Easticsearch server. The database contained 72GB of information, including

Security firm Akamai has published a report detailing criminal activity pertaining to a massive wave of credential stuffing attacks targeting the retail, travel, and hospitality industries. The campaign occurred between July of 2018 and June 2020. Akamai’s report includes examples of advertisements on the darknet demonstrating how cybercriminals gain financial

Tesco, a UK based supermarket, has been forced to issue 600,000 new loyalty cards after customers’ accounts were compromised by a malicious third party. Although the company’s IT systems were not compromised, hackers allegedly used a combo list of breached usernames and passwords to conduct a brute force attack. However,

Insurance and financial services group State Farm has suffered a credential stuffing attack in which the login credentials of an unknown number of customers were compromised. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain

Between November 2017 to April 2019, threat actors carried out 3.5 billion malicious login attempts as part of credential stuffing attacks, in which credentials exposed in a data breach at one firm are used to gain access to accounts at another company. Akamai also identified close to 200,000 phishing domains

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

TripAdvisor is taking a proactive approach to prevent its users from falling victim to credential stuffing attacks by invalidating member passwords if the password and corresponding email address were found in publicly leaked data breach databases. Credential stuffing attacks, in which a threat actor uses leaked or stolen login credentials

An extensive Akamai report on the state of Internet security highlights the growing cyber threat for gamers. According to the study, gaming websites were the target of around 12 billion credential stuffing attacks between (November 2017 and March 2019. In a credential stuffing attack, a threat actor uses leaked or

Between April 23 and May 10, threat actors compromised 461,091 user accounts for the e-commerce portals of Uniqlo and GU, the Japanese company that owns the two brands acknowledged in a statement on Monday. Fast Retailing Co., the biggest retail firm in Asia, said that hackers managed to obtain access

A new elaborate report by Recorded Feature takes a deep dive into the world of credential stuffing. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the knowledge