“Credential Stuffing” Attacks and How to Prevent Them

Cyberattackers are becoming more creative in how they infiltrate companies and individuals and take over their data. While phishing and password theft always pose a threat, cybercriminals make more sophisticated attempts on sensitive information every day. One newer but highly effective technique is known as credential stuffing, and it’s already picking up steam.

In credential stuffing, attackers take a large set of usernames and passwords and try to “stuff” those credentials into the login pages of other online services. Because people usually use the same username and password combination, or something similar enough to crack, across multiple sites and logins, attackers can often use one combination to unlock multiple accounts, as happened earlier this year when Dunkin’ Donuts saw a massive stuffing breach.

Every industry is vulnerable to these attacks, including the banking industry. While there’s only so much that can be done to make up for a loss due to a stuffing breach, banks can do their best to prevent these attacks from happening.

What is Credential Stuffing?

When a major data breach takes place, hackers gain access to a database of username and password combinations. From there, these login credentials are published for anyone to see and use. In other cases, sensitive data is obtained through phishing scams.

From the latter half of 2018 and heading into 2019, credential stuffing attacks grew in size and frequency, making a case for better digital hygiene as well as a better emphasis on personalized cyber liability insurance for companies, such as financial institutions.

Credential stuffing is becoming more and more popular among hackers because the technique to obtain information is very streamlined and straightforward. Since security solutions are being presented by data security companies to stop more intricate attacks, hackers are taking things back to basics and still obtaining what they need.
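
The pattern described above (one source working through a list of different accounts, with most attempts failing) is something a bank can look for in its own login records. The following is an added example, not part of the original article; the log format, the thresholds and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2019-03-01T10:00:01 203.0.113.7 alice FAIL
2019-03-01T10:00:02 203.0.113.7 bob FAIL
2019-03-01T10:00:03 203.0.113.7 carol FAIL
2019-03-01T10:00:04 203.0.113.7 dave OK
2019-03-01T10:00:05 203.0.113.7 erin FAIL
2019-03-01T10:00:06 203.0.113.7 frank FAIL
2019-03-01T10:00:10 198.51.100.20 grace FAIL
2019-03-01T10:00:40 198.51.100.20 grace FAIL
2019-03-01T10:01:15 198.51.100.20 grace OK
2019-03-01T10:02:00 192.0.2.44 heidi OK
"""

def parse(log):
    """Yield (time, ip, user, ok) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome == "OK"

def find_stuffing(events, window=timedelta(minutes=5),
                  min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames within one sliding
    window with mostly failed logins. Thresholds are illustrative."""
    recent = defaultdict(deque)   # ip -> attempts still inside the window
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:      # drop attempts older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fail_ratio = sum(not o for _, _, o in q) / len(q)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            entry = flagged.setdefault(ip, {"max_users": 0, "compromised": set()})
            entry["max_users"] = max(entry["max_users"], len(users))
            # A success inside a stuffing burst means a reused password worked.
            entry["compromised"] |= {u for _, u, o in q if o}
    return flagged

if __name__ == "__main__":
    for ip, info in find_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

A customer who mistypes a password a few times, like the single-username source in the sample, stays below the distinct-username threshold and is not flagged. Any account that logged in successfully during a flagged burst is a candidate for a forced password reset.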

How to Protect Against Stuffing

Banks worried about falling victim to credential stuffing, or any cyberattack for that matter, have a number of options they can use when it comes to limiting attacks and their effects. As mentioned above, cyber liability insurance is there for banks when it comes to paying out claims or paying for legal representation. While this is always a good item to have no matter the cyber situation, there are some preventative measures that can help before anything goes wrong.

  • Use a strong password manager: Credential stuffing attacks rely on the user’s previous login credentials in order to work. With a password manager, users don’t actually have to remember all their passwords by heart. There are a number of free password managers out there that can help add a layer of password protection no matter who the user is. This is a good first step.
  • Set strong passwords: While it’s easy to use the same or similar passwords when logging in, strong and unique passwords should be used. Having a go-to password, while simple and efficient for you, can lead hackers to a treasure trove of information with little to no challenge in front of them.
  • Enable two-factor authentication: Two-factor authentication may not be completely airtight when it comes to keeping bad actors away, but it’s another level of security that can be a deterrent for hackers. While cyberattacks can still get past two-factor authentication, it is still helpful.

About Financial Guaranty Insurance Brokers

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.