Credential stuffing’s popularity rose dramatically in 2018 — in fact, Akamai recorded nearly 30 billion credential stuffing attacks in 2018 — and businesses certainly haven’t seen the last of this type of cyber-attack. For example, on 24 May 2019, a credential stuffing attack enabled criminals to access up to 139 million profiles on the popular graphic design platform, Canva. So, businesses that take cybersecurity seriously need to protect against credential stuffing cyber-attacks.
A credential stuffing attack is a type of brute force cyber-attack used to gain unauthorised access to one or more user accounts. Criminals use an automated system to enter large numbers of previously breached username and password pairs into website login fields to see if any of them match existing accounts. The attacker then hijacks any accounts they’re able to log into.
In most cases, the best way to deal with credential stuffing is to prevent it from happening in the first place.
Businesses can prevent credential stuffing attacks in two main ways: they can ensure that their staff implement personal cybersecurity measures, and implement security measures for their business.
Every individual staff member should:
Once all staff members are taking adequate security precautions, the risk of their credentials being stolen is significantly reduced. And if a set of credentials for one account is stolen, the damage will be reduced as well because it will be limited to a single account. Implementing the following proactive and reactive company cybersecurity measures will further reduce the likelihood that a business’s systems will be compromised by a credential stuffing attack.
No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.
Disclaimer - The content of the above article is not intended to constitute professional advice. Although all content is believed to be accurate, Chubb Insurance Singapore Limited (Chubb) makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content of this article. Users relying on any content do so at their own risk.
Leave your contact details and our representatives will get in touch with you.