Hackers tried recycled passwords on more than a million accounts


More than one million online accounts across 17 well-known companies were the victims of hacking attempts that reused previously stolen passwords swirling around the internet, New York’s top law enforcement officer said on Jan 5.

The ruse, known as a “credential stuffing attack”, involves a cyber criminal trying to repeatedly access someone’s account by deploying user names and passwords that were previously made public. User names and passwords are sometimes posted or sold on the dark web or hacking forums after being stolen in cyberattacks.

Attorney General Letitia James said hackers take advantage of the fact that people tend to re-use passwords across multiple sites. In a credential-stuffing attack, the hacker may submit hundreds of thousands, or even millions, of login attempts using specialised software.
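How a site operator might spot this pattern in its own login records, as an added example that is not part of the original article: one source trying many different user names with mostly failed logins. The log format, addresses, user names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: "timestamp source_ip username result".
# Format, addresses (RFC 5737 ranges) and names are invented for illustration.
SAMPLE_LOG = """\
2022-01-05T10:00:01Z 203.0.113.7 alice FAIL
2022-01-05T10:00:02Z 203.0.113.7 bob FAIL
2022-01-05T10:00:03Z 203.0.113.7 carol OK
2022-01-05T10:00:04Z 203.0.113.7 dave FAIL
2022-01-05T10:00:05Z 203.0.113.7 erin FAIL
2022-01-05T10:00:06Z 203.0.113.7 frank FAIL
2022-01-05T10:01:00Z 198.51.100.4 grace FAIL
2022-01-05T10:01:20Z 198.51.100.4 grace FAIL
2022-01-05T10:01:45Z 198.51.100.4 grace OK
2022-01-05T10:02:00Z 192.0.2.10 heidi OK
"""

def parse(log_text):
    """Yield (ip, username, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines rather than guessing
        yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8):
    """Return {ip: details} for sources matching the stuffing pattern.

    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(list)
    for ip, user, ok in parse(log_text):
        attempts[ip].append((user, ok))
    flagged = {}
    for ip, rows in attempts.items():
        users = {u for u, _ in rows}
        fail_ratio = sum(1 for _, ok in rows if not ok) / len(rows)
        # Many distinct accounts plus a high failure rate separates stuffing
        # from one user mistyping a password (single account, few tries).
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(users),
                "fail_ratio": round(fail_ratio, 2),
                # Accounts where a reused password worked: reset these first.
                "compromised": sorted(u for u, ok in rows if ok),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

Attack traffic is often spread over many source addresses, so the same grouping can be keyed on other request attributes as well as the IP address.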

James said more than 15 billion stolen credentials are currently in circulation, putting those users’ personal information “in jeopardy”. She said her office worked with the 17 firms, which weren’t named, to help shore up their cybersecurity, protect their customers and further understand how the attacks occurred.

The attorney general’s office spent months monitoring online communities dedicated to credential stuffing and found thousands of posts that contained customer login credentials that hackers had tested for attacks. From those posts, state officials compiled credentials to compromised accounts at 17 well-known online retailers, restaurant chains and food delivery services. – Bloomberg
