NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security

NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks


Stolen credentials tied to cyberattack incidents at 17 well-known online retailers, restaurant chains, food delivery services.


The Office of the Attorney General (OAG) for the state of New York today said a months-long investigation into credential-stuffing operations uncovered some 1.1 million consumer online accounts that had been compromised in such attacks.
The stolen credentials belonged to consumers of 17 well-known online retail businesses, restaurant chains, and food delivery services, according to the OAGs office. Most of the businesses had been unaware of the attacks prior to the OAGs reporting them, and were advised on how to better lock down customer accounts and ensure their accounts were secured with new passwords and security controls. 
Credential-stuffing is a wildly popular — and easy — method for attackers, who run tools that automate the process of using pilfered usernames and passwords across multiple online services in order to find accounts that reuse the same password. Password reuse is a common misstep among consumers weary of creating new passwords for each online account.
Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users personal information stand in jeopardy, said NY Attorney General Letitia James. Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers’ personal information and their privacy.
The OAG also published a report,
Business Guide for Credential Stuffing Attacks
, that explains these types of attacks and how to protect against them.
Read more
here


Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks