NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks


Stolen credentials tied to cyberattack incidents at 17 well-known online retailers, restaurant chains, food delivery services.



The Office of the Attorney General (OAG) for the state of New York today said a months-long investigation into credential-stuffing operations uncovered some 1.1 million consumer online accounts that had been compromised in such attacks.
The stolen credentials belonged to consumers of 17 well-known online retail businesses, restaurant chains, and food delivery services, according to the OAGs office. Most of the businesses had been unaware of the attacks prior to the OAGs reporting them, and were advised on how to better lock down customer accounts and ensure their accounts were secured with new passwords and security controls. 
Credential-stuffing is a wildly popular — and easy — method for attackers, who run tools that automate the process of using pilfered usernames and passwords across multiple online services in order to find accounts that reuse the same password. Password reuse is a common misstep among consumers weary of creating new passwords for each online account.
Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users personal information stand in jeopardy, said NY Attorney General Letitia James. Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers’ personal information and their privacy.
The OAG also published a report,
Business Guide for Credential Stuffing Attacks
, that explains these types of attacks and how to protect against them.
Read more
here


Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks