How Malicious Hackers Use Stolen Logins
A look credential stuffing, a common method used to take advantage of stolen login credentials.
These days, passwords to our digital accounts are incredibly important. They give access to a ton of different services, from social media accounts, video streaming sites, online shops, and many more.
This is why it’s always concerning when we hear news of large corporations compromising their customers’ credentials through data breaches.
You might wonder then, about how this stolen login information is used.
One of the most common methods used by malicious hacker groups to take advantage of this information are credential stuffing attacks.
These attacks operate on a rather simple premise: they take all of the stolen login information they have and then try to access other websites. It’s not a terrible idea either, considering the fact that average internet users may not use different passwords for different websites. Some don’t even use two-factor authentication.
The number of credential stuffing attempts jumped by leaps and bounds in 2018. According to security firm Akamai, there were a staggering 30 billion credential stuffing attacks attempted throughout the year. The targets of these attacks ran through a wide gauntlet of domains, including retail, gaming, and media websites.
It’s a problem that could potentially affect you as well. All of these stolen credentials can translate to monetary gain for the groups that hold them, and there have already been attempts to sell them on the dark web. In January 2019, it was discovered that close to 773 million email addresses and over 21 million unique passwords had been shared on a forum online. The following month, it was reported that almost 620 million stolen account credentials were found on sale in the dark web. The price? A paltry $20,000.
This is why we strongly suggest that everyone take a close look at their passwords, and strongly consider using different passwords for their key accounts. It’s also why you should use tools like Have I Been Pwned once in a while.
Taking these precautions help ensure two things:
- One single stolen login won’t compromise your entire digital presence.
- You will be able to better isolate which accounts have been compromised and notify the connected service providers about the problem.
The threat to your accounts will likely only grow in coming years, as malicious hackers are consistently getting better at finding ways to trick you into parting with your information.
It never hurts to be vigilant with your account security. If you’re looking some excellent tips about how to create better passwords, we’ve got a great article for you!