Security Awareness – Credential Reuse Contributes to Increase in Credential Stuffing Attacks

Credential stuffing attacks became so pervasive in the first quarter of 2022, that the malicious traffic surpassed that of legitimate login attempts from normal users in some countries, according to security researchers at Okta. Credentials stuffing, according to the FBI, is “a type of brute force attack that exploits leaked user credentials from a website breach or purchased on dark web credential selling websites, takes advantage of the fact that many users reuse usernames and passwords across multiple accounts and services.” This allows threat actors to access multiple user accounts and conduct fraudulent activity across multiple industries. Highlighting the growing threat, Okta recorded over 10 billion credential stuffing events on its platform in the first 90 days of 2022. This number represents around 34 percent of the total authentication traffic, which means that one-third of all attempts are malicious and fraudulent. Implementing multi-factor authentication and encouraging the use of unique, strong passwords for all work and online accounts goes a long way in defending against credential stuffing attacks. Read more at BleepingComputer.