08 Aug 2019

State Farm Accounts Compromised in Credential Stuffing Attack

Insurance and financial services group State Farm has suffered a credential stuffing attack in which the login credentials of an unknown number of customers were compromised. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain

Read More
01 Aug 2019

Capital One is not alone: 3.5B malicious login attacks target banks and customers

Between November 2017 to April 2019, threat actors carried out 3.5 billion malicious login attempts as part of credential stuffing attacks, in which credentials exposed in a data breach at one firm are used to gain access to accounts at another company. Akamai also identified close to 200,000 phishing domains

Read More
19 Jul 2019

Why 72% of people still recycle passwords

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

Read More
24 Jun 2019

TripAdvisor Invalidates Member Passwords Found in Data Breaches

TripAdvisor is taking a proactive approach to prevent its users from falling victim to credential stuffing attacks by invalidating member passwords if the password and corresponding email address were found in publicly leaked data breach databases. Credential stuffing attacks, in which a threat actor uses leaked or stolen login credentials

Read More
14 Jun 2019

The gaming community is a rising target for credential stuffing attacks

An extensive Akamai report on the state of Internet security highlights the growing cyber threat for gamers. According to the study, gaming websites were the target of around 12 billion credential stuffing attacks between (November 2017 and March 2019. In a credential stuffing attack, a threat actor uses leaked or

Read More
15 May 2019

Over 460,000 E-Retailer User Accounts Hacked

Between April 23 and May 10, threat actors compromised 461,091 user accounts for the e-commerce portals of Uniqlo and GU, the Japanese company that owns the two brands acknowledged in a statement on Monday. Fast Retailing Co., the biggest retail firm in Asia, said that hackers managed to obtain access

Read More
26 Apr 2019

The Anatomy of Highly Profitable Credential Stuffing Attacks

A new elaborate report by Recorded Feature takes a deep dive into the world of credential stuffing. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the knowledge

Read More
28 Feb 2019

28 Billion Credential Stuffing Attempts During Second Half of 2018

A new Akamai report sheds light on the immense popularity of credential stuffing attacks among cyber criminals. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the

Read More
27 Feb 2019

Attackers Continue to Focus on Users, Well-Worn Techniques

Two new research reports indicate that threat actors mostly rely on traditional techniques, including phishing and credential stuffing, to target organizations. Trend Micro’s yearly security report for 2018 shows that the company detected 82% more phishing URLs in 2018 than it did the year before. The other report, a Rapid7

Read More
13 Feb 2019

Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

For the second time in three months, Dunkin’ Donuts has stopped a credential stuffing attack targeting it’s loyalty program. The company believes the attackers aimed to compromise loyalty accounts by trying out login credentials for user accounts with other companies that have suffered a data breach. Credential stuffing takes advantage of

Read More