Up to 90 per cent of the average online retailer’s login traffic is generated by cybercriminals trying their luck with credential stuffing attacks, Shape Security estimated in its latest Credential Spill Report.
What is credential stuffing? It’s simple, attackers try passwords stolen from hacked account databases on lots of other websites in the hope they also work…basically if you use the same email address and password for websites A and B, and A is hacked, the crooks will try to use the stolen login data to access your account on website B. It sounds like a long shot but, Shape estimates, it’s effective up to three per cent of the time, an excellent rate of return for professional criminals.
Based on Shape’s own customer analysis, for e-commerce 91 per cent of login traffic was from credential stuffing, while for airlines it was 60 per cent, banking on 58 per cent and hotels 44 per cent.
Credential stuffing is rampant and losses from credential stuffing fraud are high – so try not to reuse the same password on every site.
Our advice, ALWAYS use a different password and one that is secure when you set up a login on any new website or online service.
Reusing a password simply aids hackers who might hack the user base of a website.
Also make use of the available Password-Management Tools out there. Check out PC’s best Password Managers of 2018.