Credential stuffing – Page 12

Credential Stuffing List Containing 111 Million Records Found Online

Posted on July 10, 2018 by David Bisson

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passw… Continue reading Credential Stuffing List Containing 111 Million Records Found Online→

How Starbucks Combats Account Takeover (ATO)

Posted on June 28, 2018 by Shape Security

Account Takeovers (ATOs) and credential stuffing represent a huge threat to the retail industry. In fact, they pose major problems for any vertical in which customers tend to reuse passwords for multiple accounts. Password reuse makes compromised crede… Continue reading How Starbucks Combats Account Takeover (ATO)→

How Cybercriminals Monetize E-Commerce Fraud

Posted on June 12, 2018 by Shape Security

E-commerce fraud has grown to the point where it’s a now a bigger drain on retail profits than shoplifting or inventory shrinkage. Based on the information we’ve gathered defending many of the largest retailers, banks and airlines in the wo… Continue reading How Cybercriminals Monetize E-Commerce Fraud→

Could this be the end of password re-use?

Posted on May 9, 2018 by John E Dunn

It’s password security’s Achilles heel: too many people make life easy for cybercriminals by re-using the same ones over and over. But what if there were a way for websites to compare notes on whether a password (or similar password) has been set by a … Continue reading Could this be the end of password re-use?→

Key Takeaways: Using a Blacklist of Stolen Passwords [Webinar]

Posted on March 14, 2018 by Shape Security

More than 90 billion passwords are being used across the web today, and it’s expected to be nearer 300 billion by 2020. With that in mind, the topics of password best practices and the threats around stolen credentials, remain top challenges for … Continue reading Key Takeaways: Using a Blacklist of Stolen Passwords [Webinar]→

Complying with NIST Guidelines for Stolen Passwords

Posted on March 1, 2018 by Chris Fuller

It seems everyone today is talking about stolen passwords, but this is an older problem than people realize. Protecting your enterprise from credential stuffing attacks and account takeover as a result of stolen credentials is at the heart of the discu… Continue reading Complying with NIST Guidelines for Stolen Passwords→

Key Takeaways: Retail Threat Briefing Webinar with R-CISC

Posted on February 27, 2018 by Shape Security

In the era of Amazon and mainstream e-commerce, every online retailer has to deliver a compelling user experience across their web and mobile channels while protecting customers from cyberattacks and fraud. Recently, Shape collaborated with R-CISC to s… Continue reading Key Takeaways: Retail Threat Briefing Webinar with R-CISC→

Password Breaches Fueling Booming Credential Stuffing Business

Posted on May 24, 2017 by Tom Spring

The market for automated credential stuffing tools is growing fast, because of a record number of breaches. Continue reading Password Breaches Fueling Booming Credential Stuffing Business→

Hackers reuse passwords to access 26,500 National Lottery accounts

Posted on November 30, 2016 by Alison Booth

If you’ve been affected – and even if you haven’t – now is a good time to stop re-using passwords Continue reading Hackers reuse passwords to access 26,500 National Lottery accounts→

Old SSH Vulnerability at Center of Credential-Stuffing Attacks

Posted on October 13, 2016 by Michael Mimoso

Akamai warns that attackers are compromising IOT devices and using them as proxies to test stolen credentials against web-based applications. Continue reading Old SSH Vulnerability at Center of Credential-Stuffing Attacks→