24 May 2022

US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info

General Motors, a US based automobile manufacturer, has announced that it suffered from a credential stuffing attack last month that ultimately exposed customer information. In addition, the attack allowed hackers to redeem rewards points and gain gift cards. General Motors stated that they detected the malicious activity between April 11

Read More
06 Jan 2022

NY AG notifies 17 companies of breaches, says 1.1 million accounts compromised in attacks

The New York Attorney General Letitia James has notified seventeen different companies of cyberattacks that compromised user information. The attacks were discovered during an investigation into credential stuffing, and more than one million customer accounts were compromised. James reported that the attacks were previously undetected. The businesses included well-known online

Read More
15 Oct 2021

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Verizon’s Visible wireless carrier has confirmed that user accounts were hijacked in a security incident. Users are posting stories of forcibly changed passwords and getting stuck with bills for new iPhones. According to Verizon, users lose control of their accounts on Wednesday, had their passwords and shipping addresses changed, and

Read More
21 May 2021

Global Credential Stuffing Attempts Hit 193 Billion in 2020

According to security vendor Akamai, there was roughly 193 billion credential stuffing attempts during 2020 due to surging numbers of online users. Akamai detailed its findings in its latest report, the 2021 State of the Internet / Security publication, looking to reveal the scale of attempts to hack users’ accounts

Read More
24 Nov 2020

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Easticsearch server. The database contained 72GB of information, including

Read More
23 Oct 2020

63 billion credential stuffing attacks hit retail, hospitality, travel industries

Security firm Akamai has published a report detailing criminal activity pertaining to a massive wave of credential stuffing attacks targeting the retail, travel, and hospitality industries. The campaign occurred between July of 2018 and June 2020. Akamai’s report includes examples of advertisements on the darknet demonstrating how cybercriminals gain financial

Read More
05 Mar 2020

Tesco Issues 600,000 New Clubcards After Brute Force Attack

Tesco, a UK based supermarket, has been forced to issue 600,000 new loyalty cards after customers’ accounts were compromised by a malicious third party. Although the company’s IT systems were not compromised, hackers allegedly used a combo list of breached usernames and passwords to conduct a brute force attack. However,

Read More
08 Aug 2019

State Farm Accounts Compromised in Credential Stuffing Attack

Insurance and financial services group State Farm has suffered a credential stuffing attack in which the login credentials of an unknown number of customers were compromised. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain

Read More
01 Aug 2019

Capital One is not alone: 3.5B malicious login attacks target banks and customers

Between November 2017 to April 2019, threat actors carried out 3.5 billion malicious login attempts as part of credential stuffing attacks, in which credentials exposed in a data breach at one firm are used to gain access to accounts at another company. Akamai also identified close to 200,000 phishing domains

Read More
19 Jul 2019

Why 72% of people still recycle passwords

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

Read More