Right now, a lot of people have had a lot more time on their hands than they typically would, so many of them are spending a lot of time on the assorted streaming services to entertain themselves. Unfortunately, cybercriminals have taken note. In light of all this, it seems like an apt time to discuss a particular threat known as credential stuffing.
What is Credential Stuffing?
Credential stuffing is another means that cybercriminals can use to access your accounts. It also just so happens to be the exact reason that we recommend that you use a unique set of access credentials for each account you hold.
What is credential stuffing? Well, let's say that Bob used a single password for all his online accounts: social media, online shopping, banking and finance, even his work password. However, unbeknownst to Bob, one of his social media accounts was made vulnerable in a data breach. As a result, any Tom, Dick, or Hacker who now has the spoils of that data breach can go and start plugging Bob's username and password into other sites to see if they work.
This is credential stuffing, as the same credential pair is stuffed into different accounts to see if there is a match. Unfortunately, in Bob's case, there will be… and the hacker will be able to then access his finances and work accounts.
The Current Situation
Not long ago, platform service provider Akamai compiled a report of data they had collected from 2018 and 2019 to present to the media industry. However, just before they were to release it, the COVID-19 pandemic reared its head and postponed their release. As a result, Akamai was able to collect more data to show how these trends were affected by the pandemic… and what an effect it was.
The prevalence of credential stuffing leapt up as the coronavirus spread. In the graphs compiled from Akamai's data, the scale exploded. Graphs that once depicted a scale covering the tens of millions suddenly needed to be spaced out by the hundreds of millions. Amid Europe's lockdown, an unnamed video media service was targeted by over 354 million malicious login attempts on March 26 alone. The whole of March saw over 6 billion such attempts in total.
There are also some telling insights about the scale of these attacks to be seen in the economics of cybercrime. At the start of Q1 2020, researchers observed prices for video media accounts ranging between one and five dollars, with bundled services netting cybercriminals anywhere from $10 to $45 a pop. By the end of the quarter, the sudden influx of available accounts caused these prices to take a nosedive.
Why This is Important
This should all serve as a very effective case study, describing why you don't recycle your credentials across different accounts.
"Come on, why would anyone hack into my stuff?"
This thought has probably crossed your mind at some point, likely as you signed up for a new account with something. Sheesh, I'm not that important. Do I really need such a secure account? It isn't like anyone cares enough to hack me, right?
Plus, there's no denying that one password is easier to remember than however many we're supposed to have.
This has resulted in many people recycling their access credentials across different platforms and services, which is why credential stuffing is as big of a problem as it is. Fine, it may not be such a huge deal that someone's skimming off of your Hulu subscription… but it is much different to have someone skimming off your bank account, isn't it? If your work accounts were to be hijacked, that's an even bigger can of worms that you don't want opened.
So, what can be done?
The first thing that you need to do is to review all of your accounts and ensure that they each have a unique and secure password. Here at WheelHouse IT, our recommendation is that your passwords comply with certain requirements to make sure they are effective:
- Lots of characters
- A diverse mix of letters, numbers, and symbols
- No personally identifiable details (like your pet's name, hobbies, etc.)
A passphrase is another option to consider. A passphrase takes multiple random words and strings them together. So, instead of something easily guessable, like "password", you have something like "PortionHutHenConcreteThesis."
This creates a very memorable, yet effectively impossible to crack, authentication code for you to use.
Of course, with the number of accounts that we all have today, all of these passwords/passphrases can be challenging to keep track of. That's why we recommend the use of a password manager. With the help of a password manager, your passwords can be saved in an encrypted vault for your on-demand use.
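One way to carry out the account review described above, as an added example that is not WheelHouse IT's own code: it reads a password manager CSV export, groups accounts that share a password, flags short ones, and assigns each flagged account its own random-word passphrase. The column names, the 12-character threshold, and the small word list are assumptions made for the illustration.

```python
import csv
import hashlib
import io
import secrets

# Constructed sample export; the column names are an assumption, so adjust
# them to whatever your password manager's CSV export actually uses.
SAMPLE_EXPORT = """name,username,password
social,bob@example.com,Fluffy2015
shopping,bob@example.com,Fluffy2015
bank,bob,Fluffy2015
work,bob@corp.example,PortionHutHenConcreteThesis
streaming,bob@example.com,hunter2
"""

# Constructed demo word list; far too small for real use (use thousands of words).
WORDS = ("portion hut hen concrete thesis marble lantern orbit walnut "
         "canyon feather gravel pillow saddle timber velvet").split()


def audit(csv_text, min_length=12):
    """Return (reused, short): account names grouped by shared password, and
    names whose password is under min_length (12 is an assumed threshold)."""
    groups, short = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Group on a SHA-256 fingerprint so no password appears in the report.
        fp = hashlib.sha256(row["password"].encode()).hexdigest()[:12]
        groups.setdefault(fp, []).append(row["name"])
        if len(row["password"]) < min_length:
            short.append(row["name"])
    reused = [names for names in groups.values() if len(names) > 1]
    return reused, short


def new_passphrase(count=5):
    """Join `count` words chosen with a CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(WORDS).capitalize() for _ in range(count))


def rotation_plan(csv_text):
    """Map every flagged account to its own fresh, distinct passphrase."""
    reused, short = audit(csv_text)
    plan = {}
    for name in dict.fromkeys([n for g in reused for n in g] + short):
        phrase = new_passphrase()
        while phrase in plan.values():  # never give two accounts one secret
            phrase = new_passphrase()
        plan[name] = phrase
    return plan
```

Every account in a reused group is rotated, not just the extras, because there is no way to tell from the export which copy of the password was exposed. Delete the plaintext export once the audit is done.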
At WheelHouse IT, we understand the importance of true data security, and can help your business accomplish more, more securely, with our IT services. Learn more about what we have to offer by calling our team at (877) 771-2384.