As people provide more personal information to sites across the Internet, hackers and fraudsters find new ways to access important credentials.
Using these stolen credentials, malicious actors can take over accounts and steal personal data, creating a snowball effect that can be devastating for your business.
Not only do your users risk their personal information being compromised or sold off, but your organization can also suffer catastrophic financial loss and brand damage. It’s more critical than ever to really understand the threat of credential abuse.
See how much you know.
One employee's credentials sold on the dark web can give a hacker access to a company's main database.
It's true. Hackers often obtain credentials from employees, usually as a result of a data breach, to hack into the company's main database of user records. That means millions of usernames, passwords, and sensitive personal information (such as dates of birth, social security numbers and financial data) are stolen from multiple websites and sold on the dark web to other fraudsters.
The worst kinds of information hackers can steal from your customers or employees are their passwords.
It's false. The world’s biggest data breaches have resulted in much more than just stolen login information. Hundreds of millions of records can be swiped in a single breach, with each record including an individual’s name, date of birth, social security number, address, phone number, email address, or even banking information.
The best way to respond to a detected bot without them knowing is to serve up an “incorrect username/password” page.
It's true. As important as detection is to solving the credential stuffing problem, response is even more critical. Responding in such a way that the attacker is unaware they have been detected can mean the difference between success and failure. Sophisticated bot detection capabilities, the ability to identify bot traffic origin, and granular bot traffic reporting can go a long way toward protecting your site.
You can prevent your customers’ credentials from being stolen or compromised by locking the targeted account after an abnormal amount of login attempts have been detected.
It's false. In most cases, attackers use dictionaries of username and password combinations that were leaked from a data breach. Hackers often try a single login attempt per account. Locking accounts based on a single attempt is a risky move and can impede your users' experience.
The Internet's growing pool of IP addresses is the number one enabler in the rise of credential stuffing.
It's false. While a growing pool of IP addresses does make data breaches more feasible, it is not the number one enabler of the credential stuffing trend. There are deeper forces at work. First, online accounts have steadily become more common in day-to-day life. Second, hackers have amassed huge databases of compromised credentials over the years, and have evolved their techniques to make hacking easier and more profitable.
When monitoring IP addresses, detecting too many login attempts over time is a good indication of malicious activity.
It’s true. Five login attempts in five minutes is suspicious. However, five login attempts over five hours can also represent a legitimate user's behavior, especially if many users share the same IP address. Run-time monitoring mechanisms also consume CPU and memory, which limits the timeframe over which security controls can track login activity (in most cases no more than a 60-minute window). Unfortunately, hackers understand these limitations and have found ways to use them to their advantage.
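The two answers above (one attempt per account defeats per-account lockout; a bounded monitoring window misses attempts spread over hours) can be shown concretely on a login log. The following is an added example, not code from the original page or from any product it describes. The log lines are constructed (RFC 5737 documentation addresses, invented usernames), and the thresholds are assumptions: five failures in five minutes for a burst, a 60-minute window for the distinct-account check, and five distinct accounts as the spray threshold.

```python
"""Credential-stuffing detection over a constructed login log (added example).

Compares three defender-side signals on the same events:
  * per-account lockout (what the quiz says is risky and easy to evade),
  * per-IP failures in a 5-minute sliding window (burst),
  * per-IP distinct accounts in a 60-minute window (spray), plus the same
    check with no window at all to show what the window limitation hides.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp ip username result".
# 203.0.113.10  = one-attempt-per-account stuffing burst
# 198.51.100.7  = shared (NAT) address with a few legitimate failures over 5 h
# 192.0.2.33    = low-and-slow stuffing, one new account every 20 minutes
SAMPLE_LOG = """\
2024-03-01T09:00:00 203.0.113.10 alice FAIL
2024-03-01T09:00:20 203.0.113.10 bob FAIL
2024-03-01T09:00:40 203.0.113.10 carol FAIL
2024-03-01T09:01:00 203.0.113.10 dave FAIL
2024-03-01T09:01:20 203.0.113.10 erin FAIL
2024-03-01T09:01:40 203.0.113.10 frank OK
2024-03-01T09:02:00 203.0.113.10 grace FAIL
2024-03-01T09:02:20 203.0.113.10 heidi FAIL
2024-03-01T08:00:00 198.51.100.7 judy FAIL
2024-03-01T09:10:00 198.51.100.7 judy OK
2024-03-01T10:30:00 198.51.100.7 mallory FAIL
2024-03-01T11:45:00 198.51.100.7 judy FAIL
2024-03-01T12:20:00 198.51.100.7 oscar FAIL
2024-03-01T13:00:00 198.51.100.7 mallory FAIL
2024-03-01T14:00:00 192.0.2.33 user01 FAIL
2024-03-01T14:20:00 192.0.2.33 user02 FAIL
2024-03-01T14:40:00 192.0.2.33 user03 FAIL
2024-03-01T15:00:00 192.0.2.33 user04 FAIL
2024-03-01T15:20:00 192.0.2.33 user05 FAIL
2024-03-01T15:40:00 192.0.2.33 user06 FAIL
2024-03-01T16:00:00 192.0.2.33 user07 FAIL
2024-03-01T16:20:00 192.0.2.33 user08 FAIL
2024-03-01T16:40:00 192.0.2.33 user09 FAIL
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result), sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    events.sort(key=lambda e: e[0])
    return events


def per_account_lockouts(events, threshold=5):
    """Accounts a naive lockout would lock: >= threshold failures in total."""
    fails = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= threshold}


def ips_over_window(events, window, threshold, measure):
    """Per-IP sliding window over failed attempts. `measure` turns the window
    contents into a number (attempt count or distinct accounts); an IP is
    flagged the first time that number reaches `threshold`."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if measure(q) >= threshold:
            flagged.add(ip)
    return flagged


def burst_ips(events, window=timedelta(minutes=5), threshold=5):
    """Five failures in five minutes from one address (assumed threshold)."""
    return ips_over_window(events, window, threshold, measure=len)


def spray_ips(events, window=timedelta(minutes=60), min_accounts=5):
    """Distinct accounts failed from one address within a 60-minute window."""
    return ips_over_window(events, window, min_accounts,
                           measure=lambda q: len({u for _, u in q}))


def spray_ips_unbounded(events, min_accounts=5):
    """Same distinct-account test with no time bound: needs state a run-time
    monitor usually cannot keep, but it is what catches the slow attacker."""
    users = defaultdict(set)
    for _, ip, user, result in events:
        if result == "FAIL":
            users[ip].add(user)
    return {ip for ip, s in users.items() if len(s) >= min_accounts}


def analyze(text):
    events = parse_log(text)
    return {
        "per_account_lockouts": per_account_lockouts(events),
        "burst_ips": burst_ips(events),
        "spray_ips_60min": spray_ips(events),
        "spray_ips_unbounded": spray_ips_unbounded(events),
    }


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(f"{name}: {sorted(hits)}")
```

On this log the per-account lockout locks nobody, because no account fails more than twice; the 5-minute burst rule and the 60-minute distinct-account rule both catch only the fast stuffing address; the slow attacker at 192.0.2.33 never has more than four distinct accounts inside any 60-minute window and is only visible when the distinct-account count is kept for the whole day, which is exactly the monitoring-window limitation the answer describes. The shared address stays unflagged under every rule.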
Learn more about credential stuffing and how you can protect your business, your brand, and your customers.