Hackers tried recycled passwords on more than a million accounts

James said more than 15 billion stolen credentials are currently in circulation, putting those users’ personal information ‘in jeopardy’. — Technology photo created by freepik - www.freepik.com

More than one million online accounts across 17 well-known companies were the victim of hacking attempts that reused previously stolen passwords swirling around the internet, New York’s top law enforcement officer said on Jan 5.

The ruse, known as a “credential stuffing attack”, involves a cyber criminal trying to repeatedly access someone’s account by deploying user names and passwords that were previously made public. User names and passwords are sometimes posted or sold on the dark web or hacking forums after being stolen in cyberattacks.

Attorney General Letitia James said hackers take advantage of the fact that people tend to re-use passwords across multiple sites. In a credential-stuffing attack, the hacker may submit hundreds of thousands, or even millions of login in attempts using specialised software.

James said more than 15 billion stolen credentials are currently in circulation, putting those users’ personal information “in jeopardy”. She said her office worked with the 17 firms, which weren’t named, to help shore up their cybersecurity, protect their customers and further understand how the attacks occurred.

The attorney general’s office spent months monitoring online communities dedicated to credential stuffing and found thousands of posts that contained customer login credentials that hackers had tested for attacks. From those posts, state officials compiled credentials to compromised accounts at 17 well-known online retailers, restaurant chains and food delivery services. – Bloomberg

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Apple launches buy now, pay later service
Microsoft offers to change cloud computing practices after rivals' complaint, source says
Microsoft prepares to settle EU antitrust complaint on Cloud - Bloomberg News
Meta, Google defend Brazilian law on Internet platform responsibility for content
AI computing startup Cerebras releases open source ChatGPT-like models
German regulator launches antitrust review of Microsoft
US�woman seeks US$6.3bil�in revenge-porn lawsuit, US$10,000�for each of her social media fans
China arrests four over major anime piracy site, says lobby group
Amazon delivery driver charged with assaulting US�homeowner told police he defended himself
Steam will stop working on computers running Windows 7, 8 and 8.1 next year

Others Also Read