Data breaches can lead to credential stuffing

Data breaches aren’t going away—in fact, data indicates that they’re happening more often than ever before.

A 2018 report says that 75% of U.S. retailers have experienced a breach, with 50% experiencing the issue in the last year. Check out this graphic to see the world’s biggest data breaches.

Odds are good you will, or have been, impacted. But, once your data is out there, then what happens? Your email or other accounts can get hacked using a technique called “credential stuffing.”

What is it?

When breaches occur and credentials are leaked, hackers can generate massive lists of usernames (which are frequently email addresses) and passwords. With those lists, they can start crunching the data.

For example: you have a leaked email address/username and also a leaked passwords from LinkedIn and MyFitnessPal. Hackers use all three pieces of information to try and log into other types of accounts in case one of them uses the same credentials—but they’re doing this all through large-scale automated login requests.

No one is trying to crack or force their way into your accounts, but instead hackers are using massive automation to run through all of the different possible places your credentials could be used again. This is clearly a huge scam but it works, in part because many people use the same password in multiple places.

What can you do?

To help prevent a hacker from “stuffing” your credentials, here are things you can do:

  1. Don’t use the same password twice! More than 80% of us do it, but we really, really shouldn’t.
  2. Use a password safe/vault/manager. Using a password managers such as Password Safe or KeePass makes it easier to use randomly generated passwords for every site you use.
  3. Sign up for The site will notify you if your email address was involved in a known breach.
  4. Use uBlock:Origin with Chrome or FireFox. This browser extension can help block malicious links if you happen to click on one.


No comments yet.

Leave a Reply