Credential Stuffing – Are You at Risk?


Many of us lead busy lives – so if we can take steps to make things easier on ourselves, we do it.  Whether it’s automating work processes or asking Alexa to order supplies, we have more ways than ever to help manage the burden of extra stress.

One way people try to simplify their online identity is by using the same password for all of their accounts.  Although it may add a level of convenience, this can be a very dangerous strategy and can put the online security of your organization at risk.

“Credential Stuffing” is a technique where cyber criminals obtain a list of credentials for one service, and try to use them on another.  This can be a major security issue if you’re someone who uses the same password for all of your online accounts.

One recent example of Credential Stuffing affected tax return information. Hackers accessed tax return information with TurboTax by using stolen credentials from another service. The internal systems at Intuit, who owns TurboTax, were not breached. Instead hackers used information they obtained from another company to gain access to personal information such as Social Security Numbers, Names and Addresses.

To prevent Credential Stuffing, set up different passwords for all online accounts, or use two-factor authentication so that hackers are thwarted when trying to log in to your accounts.

Story via CNet