Credential stuffing and data breaches

Data breaches are occurring at a higher rate than ever, and they’re happening at businesses. In fact, 75% of retailers in the U.S. have been hit in 2018, according to a new report, compared with 50% last year.

The biggest data breaches in the world are outlined in this graphic. Your business unfortunately has a pretty good chance of being hit, so it’s important you know exactly what is happening when your data is breached.

It’s called “credential stuffing.” If your business data gets breached, hackers are looking for huge lists of emails, passwords or usernames. Then once they have this, they can start piecing it all together.

For example: you have a leaked email address/username and also a leaked password from LinkedIn and MyFitnessPal. Hackers use all three pieces of information to try and log into other types of accounts in case one of them uses the same credentials—but they’re doing this all through large-scale automated login requests.

With this method, they can automate login attempts on various accounts on different platforms, all with the same credentials. While this sounds malicious and awful, there are steps you and your business can take to mitigate the danger.

Here’s what you can do:

1.      Sign up for You’ll get notified if your email address has been in a breach of data.

2.      Block malicious links with your browser. uBlock Origin with Chrome or Firefox works great. Start there.

3.      Use a password manager. Password Safe or KeePass makes it easier to use randomly generated passwords for every site you use.

4.      STOP USING THE SAME PASSWORD. I’m sorry for raising my voice—More than 80% of us do it, and we really, really shouldn’t.
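On the business side, the large-scale automated login requests described above leave a recognizable trace in login logs: one source tries many different accounts and almost all of the attempts fail. The following is an added example, not part of the original post; the log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical format (not real data).
SAMPLE_LOG = """\
2018-11-02T10:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2018-11-02T10:00:01Z ip=203.0.113.7 user=bob@example.com result=FAIL
2018-11-02T10:00:02Z ip=203.0.113.7 user=carol@example.com result=OK
2018-11-02T10:00:02Z ip=203.0.113.7 user=dave@example.com result=FAIL
2018-11-02T10:00:03Z ip=203.0.113.7 user=erin@example.com result=FAIL
2018-11-02T10:00:03Z ip=203.0.113.7 user=frank@example.com result=FAIL
2018-11-02T10:05:10Z ip=198.51.100.4 user=grace@example.com result=FAIL
2018-11-02T10:05:20Z ip=198.51.100.4 user=grace@example.com result=FAIL
2018-11-02T10:05:31Z ip=198.51.100.4 user=grace@example.com result=OK
not a login line
"""

LINE_RE = re.compile(r"^\S+ ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def find_stuffing_sources(log_text, min_users=5, max_success_ratio=0.25):
    """Return {ip: report} for sources that try many accounts and mostly fail."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not login events
        ip, user, result = m.groups()
        s = stats[ip]
        s["users"].add(user.lower())
        s["attempts"] += 1
        if result == "OK":
            s["hits"].add(user.lower())
    flagged = {}
    for ip, s in stats.items():
        # Share of the tried accounts that the source actually got into.
        ratio = len(s["hits"]) / len(s["users"])
        if len(s["users"]) >= min_users and ratio <= max_success_ratio:
            # A success from a flagged source means a reused password: reset it.
            flagged[ip] = {"accounts_tried": len(s["users"]),
                           "attempts": s["attempts"],
                           "accounts_to_reset": sorted(s["hits"])}
    return flagged

if __name__ == "__main__":
    for ip, report in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, report)
```

A single user who mistypes their own password a few times (the second source in the sample) is not flagged, because only one account is involved.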
