FBI PIN – Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that cyber criminals are leveraging proxies and configurations to mask and automate credential stuffing attacks on online customer accounts of U.S. businesses. These attacks, if successful, can lead to financial losses associated with fraudulent purchases, customers being notified, system downtime and remediation, and reputational cost. Credential stuffing attacks involve a threat actor using legitimate username and password combinations from previously compromised online sources or data leaks and applying them to other victim accounts. According to the PIN, “Malicious actors utilizing valid user credentials have the potential to access numerous accounts and services across multiple industries … to fraudulently obtain goods, services and access other online resources such as financial accounts at the expense of legitimate account holders.” Additionally, the PIN provides recommendations for organizations and individuals to defend against this activity. The FBI encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov. Access the PIN below.