Cyber attacks have become an omnipresent threat in the age of the Internet and digital identities. One method that is gaining popularity and poses significant risks for online users is so-called “credential stuffing”.
Credential stuffing is a cyberattack in which an attacker uses stolen username-password combinations to access different online accounts. In this process, the stolen credentials are automatically tried against a large number of websites and services – always hoping that users will use the same credentials for multiple accounts.
The credential stuffing method is characterized by its comparatively simple approach. Attackers take advantage of the fact that stolen usernames and passwords, often obtained from data leaks or hacks of websites, are commonly reused. Using automated tools and bots, attackers can try the obtained credentials en masse and gain access to every account on which the user has reused the same credentials as on the compromised account.
The main reason credential stuffing is so often successful is the poor security practice of many users. Many people use the same usernames and passwords for multiple accounts to avoid having to remember many different credentials. Since attackers try stolen credentials at many different websites, they have a good chance of success.
Besides using strong passwords and unique username-password combinations, there are several additional security measures you can take to protect yourself from credential stuffing attacks.
One method that is now commonly used is two-factor authentication (2FA). Enable two-factor authentication wherever it is available. 2FA adds an extra layer of security to the login process by requiring another verification step in addition to the password, such as confirming the login with an SMS code, email code or verification call.
Another method to prevent credential stuffing is to use a password manager. This helps generate strong and unique passwords for each account and manage them. Password managers can also help store credentials securely and automatically insert them into the appropriate fields when you log in.
Also, keep your operating system, browser and other software you use up to date. Updates often include important security patches that can close potential vulnerabilities.
Scammers are getting better at discovering your details, and email is one of their favourite channels. Therefore, be wary of suspicious emails, links or messages from unknown senders that aim to steal your credentials. Learn to recognize phishing attempts and be careful with any credentials.
Also, a popular way to prevent credential stuffing is to use security questions. However, avoid common or easy-to-guess security questions. Instead, choose unique questions and answers or better yet, use an alternative method for authentication.
It is also helpful to enable notifications or alerts that inform you about suspicious activity or failed login attempts on your accounts.
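Seen from the service side, the alerts this paragraph recommends come from detection logic that separates credential stuffing from an ordinary user mistyping a password. The following added example (not code from the original article) runs such a check over a constructed log format, `<timestamp> ip=<addr> user=<name> result=<ok|fail>`; the thresholds are assumptions for illustration.

```python
"""Flag credential-stuffing sources in authentication logs (added example).

Stuffing looks different from a brute-force attack on a single account:
one source tries MANY distinct usernames, each only once or twice, and
almost every attempt fails. A successful login from such a source is the
account that needs an alert and a forced password reset.
"""
import re
from collections import defaultdict

# Constructed log format for this example; real services differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample log: one benign user with a typo, one stuffing source.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=fail
2024-05-01T10:00:05Z ip=203.0.113.7 user=alice result=ok
2024-05-01T10:01:00Z ip=198.51.100.9 user=bob result=fail
2024-05-01T10:01:01Z ip=198.51.100.9 user=carol result=fail
2024-05-01T10:01:02Z ip=198.51.100.9 user=dave result=fail
2024-05-01T10:01:03Z ip=198.51.100.9 user=erin result=ok
2024-05-01T10:01:04Z ip=198.51.100.9 user=frank result=fail
2024-05-01T10:01:05Z ip=198.51.100.9 user=grace result=fail
"""


def parse_log(text):
    """Yield (ip, user, result); lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("user"), m.group("result")


def find_stuffing_sources(text, min_users=5, max_success_rate=0.25):
    """Return {ip: stats} for sources matching the stuffing pattern.

    min_users / max_success_rate are assumed thresholds; tune per service.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "ok_users": set()})
    for ip, user, result in parse_log(text):
        s = per_ip[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if result == "ok":
            s["ok_users"].add(user)
    flagged = {}
    for ip, s in per_ip.items():
        rate = len(s["ok_users"]) / s["attempts"]
        # Many distinct usernames plus a low success rate from one source.
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = {"attempts": s["attempts"],
                           "distinct_users": len(s["users"]),
                           "success_rate": round(rate, 2),
                           "compromised_users": sorted(s["ok_users"])}
    return flagged
```

Accounts listed under `compromised_users` are the ones whose owners should receive exactly the kind of notification described above.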
Last, you should check that all the websites you use employ HTTPS encryption to protect credentials during transmission.
There are definitely signs you should look out for to detect suspicious activity that could indicate a possible credential stuffing attack.
These include the following phenomena:
If your credentials are affected by a credential stuffing attack, it is important to act quickly to limit the damage and protect your account.
Immediately change the password for the affected account. Choose a strong and unique password not previously used for other accounts and avoid easily guessed information. If you haven’t already, enable two-factor authentication (2FA) for the affected account now, so that every login from now on must be confirmed with a code sent to a second device.
Also, check whether you use the same credentials for other accounts. If so, please change the password there immediately to prevent the attacker from gaining access to additional accounts.
Also, contact the customer support of the affected website or service and inform them about the incident so further measures can be taken if necessary.
Monitor activity on your accounts, especially after a cyberattack. Watch for unusual login attempts and familiarize yourself with available monitoring features.
Continue to check if your credentials were included in a publicly disclosed data leak. Several websites and services monitor data leaks and allow users to check if their own credentials have been affected. If so, act proactively and change the passwords for those accounts as well.
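Such leak-monitoring services let you check a password without revealing it. The following added example (not code from the original article) shows the k-anonymity range lookup used by the Pwned Passwords API at `https://api.pwnedpasswords.com/range/`, which is assumed here as the service meant: the client sends only the first five hex characters of the password's SHA-1 and compares the returned suffixes locally. The range response is constructed so the example runs offline.

```python
"""k-anonymity breach check for a password (added example).

Only a 5-character hash prefix leaves the client; the service answers with
every suffix it knows for that prefix and a breach count, and the match is
made locally, so the full hash is never transmitted.
"""
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def lookup_url(password):
    """URL a client would fetch; it carries only the 5-character prefix."""
    prefix, _ = split_hash(password)
    return RANGE_URL + prefix


def breach_count(password, range_body):
    """Parse a 'SUFFIX:COUNT' range response and return how often the
    password was seen in breaches (0 if absent)."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed response for prefix 5BAA6 (the prefix of SHA-1("password")).
# The real endpoint returns hundreds of suffixes; the counts here are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000
0000000000000000000000000000000000A:2
"""

if __name__ == "__main__":
    pw = "password"
    print("would fetch:", lookup_url(pw))
    print("seen in breaches:", breach_count(pw, SAMPLE_RANGE_5BAA6))
```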
If you have credit card data stored in the affected account or notice any suspicious transactions, contact your bank or credit card company immediately to prevent possible financial damage.
Pay special attention to phishing attempts in the following weeks. Attackers may try to take advantage of the confusion after an attack by posing as customer support and trying to get more information or credentials from you.
By following these steps, you can secure your affected account and minimize the risk of further access. We also recommend developing good security habits to protect yourself from future credential stuffing attacks. From using unique and strong passwords to regularly monitoring account activity to enabling two-factor authentication, numerous options can help you stay safer online.
Do you have questions about your company's general cybersecurity? Our colleagues will be happy to answer them all.