
Data Net Blog


Credential Stuffing and How It Can Lead to a Data Breach


Right now, many people have far more time on their hands than they typically would, and many of them are spending it on the assorted streaming services to entertain themselves. Unfortunately, cybercriminals have taken note. In light of all this, it seems like an apt time to discuss a particular threat known as credential stuffing.

What is Credential Stuffing?

Credential stuffing is another means that cybercriminals can use to access your accounts. It also just so happens to be the exact reason that we recommend that you use a unique set of access credentials for each account you hold.

What is credential stuffing? Well, let’s say that Bob used a single password for all his online accounts—social media, online shopping, banking and finance, even his work password. However, unbeknownst to Bob, one of his social media accounts was made vulnerable in a data breach. As a result, any Tom, Dick, or Hacker who now has the spoils of that data breach can go and start plugging Bob’s username and password into other sites to see if they work.

This is credential stuffing, as the same credential pair is stuffed into different accounts to see if there is a match. Unfortunately, in Bob’s case, there will be… and the hacker will then be able to access his finances and work accounts.

The Current Situation

Not long ago, platform service provider Akamai compiled a report of data they had collected from 2018 and 2019 to present to the media industry. However, just before they were to release it, the COVID-19 pandemic reared its head and postponed their release. As a result, Akamai was able to collect more data to show how these trends were affected by the pandemic… and what an effect it was.

The prevalence of credential stuffing leapt up as the coronavirus spread. In the graphs compiled from Akamai’s data, the scale exploded: graphs that once depicted a scale covering the tens of millions suddenly needed to be spaced out by the hundreds of millions. Amid Europe’s lockdown, an unnamed video media service was targeted by over 354 million malicious login attempts on March 26 alone. The whole of March saw over 6 billion such attempts in total.

There are also some telling insights about the scale of these attacks to be seen in the economics of cybercrime. At the start of Q1 2020, researchers observed prices for video media accounts ranging between one and five dollars, with bundled services netting cybercriminals anywhere from $10 to $45 a pop. By the end of the quarter, the sudden influx of available accounts caused these prices to take a nosedive.

Why This is Important

This should all serve as a very effective case study, describing why you don’t recycle your credentials across different accounts.

“Come on, why would anyone hack into my stuff?”

This thought has probably crossed your mind at some point, likely as you signed up for a new account with something. “Sheesh, I’m not that important. Do I really need such a secure account? It isn’t like anyone cares enough to hack me, right?”

Plus, there’s no denying that one password is easier to remember than however many we’re supposed to have.

This has resulted in many people recycling their access credentials across different platforms and services, which is why credential stuffing is as big of a problem as it is. Fine, it may not be such a huge deal that someone’s skimming off of your Hulu subscription… but, it is much different to have someone skimming off your bank account, isn’t it? If your work accounts were to be hijacked, that’s an even bigger can of worms that you don’t want opened.

So, what can be done?

The first thing that you need to do is to review all of your accounts and ensure that they each have a unique and secure password. Here at Data Net, our recommendation is that your passwords comply with certain requirements to make sure they are effective:

  • Lots of characters
  • A diverse mix of letters, numbers, and symbols
  • No personally identifiable details (like your pet’s name, hobbies, etc.)
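The account review described above can be automated against a password manager export. The following is an added example, not code from Data Net; the CSV layout, the sample rows, and the length thresholds are assumptions made for illustration. It reports which accounts share a password and which other accounts are exposed when one site is breached, as in Bob's case.

```python
import csv
import hashlib
import io
import string
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
social.example,bob,Sunshine1
shop.example,bob,Sunshine1
bank.example,bob@mail.example,Sunshine1
work.example,bob.smith,PortionHutHenConcreteThesis
forum.example,bobby,x9$Lq2!vT7#mWz4p
"""

def load_accounts(text):
    """Parse the CSV export into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(accounts):
    """Map each reused password (as a SHA-256 digest) to the sites sharing it."""
    by_digest = defaultdict(list)
    for acct in accounts:
        digest = hashlib.sha256(acct["password"].encode()).hexdigest()
        by_digest[digest].append(acct["site"])
    return {d: sites for d, sites in by_digest.items() if len(sites) > 1}

def exposed_by_breach(accounts, breached_site):
    """Other sites that share a password with the breached site."""
    leaked = {a["password"] for a in accounts if a["site"] == breached_site}
    return sorted(a["site"] for a in accounts
                  if a["password"] in leaked and a["site"] != breached_site)

def fails_policy(password, min_length=12, passphrase_length=20):
    """Assumed thresholds: long passphrases pass; otherwise require length
    plus a mix of letters, numbers, and symbols."""
    if len(password) >= passphrase_length:
        return False
    has_mix = (any(c.isalpha() for c in password)
               and any(c.isdigit() for c in password)
               and any(c in string.punctuation for c in password))
    return len(password) < min_length or not has_mix

def policy_findings(accounts):
    """Sites whose password fails the requirements above."""
    return [a["site"] for a in accounts if fails_policy(a["password"])]
```

Grouping by digest keeps plaintext passwords out of the report itself.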

A passphrase is another option to consider. A passphrase takes multiple random words and strings them together. So, instead of something easily guessable, like “password”, you have something like “PortionHutHenConcreteThesis.”

This creates a very memorable, yet effectively impossible to crack, authentication code for you to use.
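How hard a passphrase is to guess depends on the words being picked at random and on the size of the list they come from, not on how long it looks. The following is an added example, not code from Data Net; the 32-word list is constructed for illustration and is far too small for real use (the EFF long list, by comparison, has 7,776 words).

```python
import math
import secrets

# Constructed 32-word list for illustration only; a real list should hold
# thousands of words.
WORDS = """anchor basket candle dagger ember falcon garden harbor
island jacket kettle ladder magnet napkin orchid pepper
quartz ribbon saddle timber umpire velvet walnut yonder
zipper bucket cotton donkey engine fabric goblet hammer""".split()

def make_passphrase(n_words=5, words=WORDS):
    """Pick words with a CSPRNG and join them in the article's style."""
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))

def entropy_bits(n_words, list_size):
    """Entropy of n independently, uniformly chosen words."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Smallest word count that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(make_passphrase())
    # Same word count, very different strength depending on list size.
    print(f"5 words from {len(WORDS)}: {entropy_bits(5, len(WORDS)):.1f} bits")
    print(f"5 words from 7776: {entropy_bits(5, 7776):.1f} bits")
    print(f"words needed for 64 bits from {len(WORDS)}: "
          f"{words_needed(64, len(WORDS))}")
```

The estimate only holds when the words are chosen randomly; a phrase picked by a person from memory has far less entropy than the formula suggests.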

Of course, with the number of accounts that we all have today, all of these passwords/passphrases can be challenging to keep track of. That’s why we recommend the use of a password manager. With the help of a password manager, your passwords can be saved in an encrypted vault for your on-demand use.

At Data Net, we understand the importance of true data security, and can help your business accomplish more, more securely, with our IT services. Learn more about what we have to offer by calling our team at (760) 466-1200.

Saturday, September 26, 2020
