Privacy Tip #118 - How to Avoid “Credential Stuffing”

Robinson+Cole Data Privacy + Security Insider
Contact

‘Tis the season of stuffing stockings. ‘Tis also the season of “credential stuffing.” What is credential stuffing you ask?

According to Wikipedia, “credential stuffing is a type of cyber-attack where stolen account credentials are used to access user accounts through large-scale automated login requests directed against a web application.”

According to Shape Security, credential stuffing is “The #1 Cause of Account Takeover.”

Credential stuffing is conducted by cyber criminals who have obtained access to individuals’ usernames and passwords and can then access online platforms using those stolen user names and passwords. Usernames and passwords are commonly referred to as “credentials.” When your “credentials”—the username and password that you use to get onto an online platform to shop, conduct online banking, access frequent flyer miles, bitcoin accounts, etc., if the username and password is validated, anyone can access those accounts.

Cyber criminals have developed sophisticated ways to use technology, through automation, to test usernames and passwords, and when successful, to take over individuals’ accounts. Once they can take over the account, they have access to and can steal whatever is in it. It is estimated that over the past three years, $2.3 billion has been lost to account takeover.

The reason why credential stuffing is so successful for these cyber criminals is because people use the same passwords over and over because it is difficult to remember so many different passwords for each online activity. An effective way to prevent becoming a victim of credential stuffing is to not use the same password across online platforms, to change passwords frequently, and to use multi-factor authentication for online activity.

So enjoy stuffing those stockings this holiday season, but don’t become the victim of credential stuffing.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.