Showing posts with label Credential Stuffing.

How Retailers Should Harden Accounts Before the Holiday Rush




Retailers rely heavily on the year-end shopping season, but it also happens to be the period when online threats rise faster than most organizations can respond. During the rush, digital systems handle far more traffic than usual, and internal teams operate under tighter timelines. This combination creates a perfect opening for attackers who intentionally prepare their campaigns weeks in advance and deploy automated tools when stores are at their busiest.

Security analysts consistently report that fraudulent bot traffic, password-testing attempts, and customer account intrusions grow sharply during the weeks surrounding Black Friday, festive sales, and year-end shopping events. Attackers time their operations carefully because the chance of slipping through undetected is higher when systems are strained and retailers are focused on maintaining performance rather than investigating anomalies.

A critical reason criminals favor this season is the widespread reuse of passwords. Large collections of leaked usernames and passwords circulate on criminal forums, and attackers use automated software to test these combinations across retail login pages. These tools can attempt thousands of logins per minute. When one match succeeds, the attacker gains access to stored payment information, saved addresses, shopping histories, loyalty points, and in some cases stored tokenized payment methods. All of these can be exploited immediately, which makes the attack both low-effort and highly profitable.

Another layer of risk arises from the credentials of external partners. Many retailers depend on vendors for services ranging from maintenance to inventory support, which means third-party accounts often hold access to internal systems. Past retail breaches have shown that attackers frequently begin their intrusion not through the company itself but through a partner whose login rights were not secured with strong authentication or strict access controls. This amplifies the impact far beyond a single compromised account, highlighting the need for retailers to treat vendor and contractor credentials with the same seriousness as internal workforce accounts.

Balancing security with customer experience becomes especially challenging during peak seasons. Retailers cannot introduce so much friction that shoppers abandon their carts, yet they also cannot ignore the fact that most account takeovers begin with weak, reused, or compromised passwords.

Modern authentication guidance (NIST SP 800-63B, for example) recommends focusing on password length, screening new passwords against known breach data, and dropping the composition rules that frustrate users without meaningfully improving security. Adaptive multi-factor authentication is the most practical complement. It triggers an additional verification step only when something unusual is detected, such as a login from an unfamiliar device, a significant change to account settings, or a suspicious location, so legitimate customers on a known device are not slowed down.

Internal systems require equal attention. Administrative dashboards, point-of-sale backends, vendor portals, and remote-access platforms usually hold higher levels of authority, which means they must follow a stricter standard. Mandatory MFA, centralized identity management, unique employee credentials, and secure vaulting of privileged passwords significantly reduce the blast radius of any single compromised account.

Holiday preparedness also requires a layered approach to blocking automated abuse. Retailers can deploy tools that differentiate real human activity from bots by studying device behavior, interaction patterns, and risk signals. Rate limits, behavioral monitoring for credential stuffing, and intelligence-based blocking of known malicious sources help limit abuse without overwhelming the customer experience. Two caveats apply: per-IP limits alone do little against attackers who spread their attempts across residential-proxy networks, so limits and monitoring should also be keyed on the targeted account, and the signal that distinguishes stuffing from a forgetful customer is many different usernames failing from one source, not many failures against one account. Invisible or background challenge mechanisms are often more effective than traditional CAPTCHAs, which can hinder sales during peak traffic.
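The distinction between a forgetful customer and a stuffing run is easy to encode. The following is an added example, not code from the original post: it parses a constructed authentication log (the `<timestamp> <ip> <username> <ok|fail>` layout and the thresholds are assumptions) and flags source IPs that fail against many different accounts, accounts that are hit from many different sources, and the accounts that then saw a successful login and should be forced through step-up verification or a password reset.

```python
"""Credential-stuffing triage over authentication logs (constructed data).

Added example, not from the original post. The log layout
'<ISO timestamp> <client_ip> <username> <ok|fail>' and the thresholds
used below are assumptions chosen for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: one IP spraying eight accounts, six IPs each trying
# one account once, and a real shopper who mistypes once then logs in.
SAMPLE_LOG = """\
2025-11-28T09:00:01Z 203.0.113.10 alice@example.com fail
2025-11-28T09:00:01Z 203.0.113.10 bob@example.com fail
2025-11-28T09:00:02Z 203.0.113.10 carol@example.com fail
2025-11-28T09:00:02Z 203.0.113.10 dave@example.com ok
2025-11-28T09:00:03Z 203.0.113.10 erin@example.com fail
2025-11-28T09:00:03Z 203.0.113.10 frank@example.com fail
2025-11-28T09:00:04Z 203.0.113.10 grace@example.com fail
2025-11-28T09:00:04Z 203.0.113.10 heidi@example.com fail
2025-11-28T09:00:05Z 198.51.100.1 victim@example.com fail
2025-11-28T09:00:05Z 198.51.100.2 victim@example.com fail
2025-11-28T09:00:06Z 198.51.100.3 victim@example.com fail
2025-11-28T09:00:06Z 198.51.100.4 victim@example.com fail
2025-11-28T09:00:07Z 198.51.100.5 victim@example.com fail
2025-11-28T09:00:07Z 198.51.100.6 victim@example.com ok
2025-11-28T09:01:00Z 192.0.2.50 shopper@example.com fail
2025-11-28T09:01:05Z 192.0.2.50 shopper@example.com ok
"""


@dataclass(frozen=True)
class Attempt:
    ts: datetime
    ip: str
    user: str
    success: bool


def parse_log(text: str) -> list[Attempt]:
    """Parse the constructed format; malformed lines are skipped."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("ok", "fail"):
            continue
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        out.append(Attempt(ts, parts[1], parts[2].lower(), parts[3] == "ok"))
    return out


def spraying_ips(attempts, min_users=5, min_fail_ratio=0.75):
    """Source IPs that try many *different* usernames and mostly fail.

    A user mistyping a password produces several failures against ONE
    account; a stuffing tool produces one or two attempts each against
    MANY accounts. The distinct-user count is the discriminating signal.
    """
    users, total, fails = defaultdict(set), defaultdict(int), defaultdict(int)
    for a in attempts:
        users[a.ip].add(a.user)
        total[a.ip] += 1
        if not a.success:
            fails[a.ip] += 1
    return {
        ip: {"distinct_users": len(users[ip]), "attempts": total[ip], "failures": fails[ip]}
        for ip in total
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio
    }


def targeted_accounts(attempts, min_ips=4):
    """Accounts hit from many source IPs. Per-IP throttling misses this
    pattern because each bot node sends only one or two attempts."""
    ips = defaultdict(set)
    for a in attempts:
        ips[a.user].add(a.ip)
    return {u: len(s) for u, s in ips.items() if len(s) >= min_ips}


def likely_compromised(attempts):
    """Accounts that saw a successful login from a spraying IP, or that were
    targeted from many IPs and then had a success: candidates for forced
    re-authentication or a password reset."""
    spray = spraying_ips(attempts)
    targeted = targeted_accounts(attempts)
    return sorted({a.user for a in attempts
                   if a.success and (a.ip in spray or a.user in targeted)})


if __name__ == "__main__":
    attempts = parse_log(SAMPLE_LOG)
    print("spraying IPs:", spraying_ips(attempts))
    print("targeted accounts:", targeted_accounts(attempts))
    print("likely compromised:", likely_compromised(attempts))
```

On the sample, the spraying IP is flagged with eight distinct users and seven failures, `victim@example.com` is flagged as hit from six addresses, and both `dave@example.com` and `victim@example.com` come back as accounts that were logged into from a flagged source.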

A final but critical aspect of resilience is operational continuity. Authentication providers, SMS delivery routes, and verification systems can fail under heavy demand, and outages during peak shopping hours can have direct financial consequences. Retailers should run rehearsals before the season begins, including testing failover paths for sign-in systems, defining emergency access methods that are short-lived and fully auditable, and ensuring there is a manual verification process that stores can rely on if digital systems lag or fail. Running load tests and tabletop exercises helps confirm that backup procedures will hold under real stress.

Strengthening password policies and monitoring for compromised credentials also plays a vital role. Tools that enforce password screenings against known breach databases, encourage passphrases, restrict predictable patterns, and integrate directly with directory services allow retailers to apply consistent controls across both customer-facing and internal systems. Telemetry from these tools can reveal early signs of suspicious behavior, providing opportunities to intervene before attackers escalate their actions.

With attackers preparing earlier each year and using highly automated methods, retailers must enter the holiday season with defenses that are both proactive and adaptable. By tightening access controls, reinforcing authentication, preparing for system failures, and using layered detection methods, retailers can significantly reduce the likelihood of account takeovers and fraud, all while maintaining smooth and reliable shopping experiences for their customers.


Massive Leak Exposes 1.3 Billion Passwords and 2 Billion Emails — Check If Your Credentials Are at Risk

If you haven’t recently checked whether your login details are floating around online, now is the time. A staggering 1.3 billion unique passwords and 2 billion unique email addresses have surfaced publicly — and not due to a fresh corporate breach.

Instead, this massive cache was uncovered after threat-intelligence firm Synthient combed through both the open web and the dark web for leaked credentials. You may recognize the company, as they previously discovered 183 million compromised email accounts.

Much of this enormous collection is made up of credential-stuffing lists, which bundle together login details stolen from various older breaches. Cybercriminals typically buy and trade these lists to attempt unauthorized logins across multiple platforms.

This time, Synthient pulled together all 2 billion emails and 1.3 billion passwords, and with help from Troy Hunt and Have I Been Pwned (HIBP), the entire dataset can now be searched so users can determine if their personal information is exposed.

The compilation was created by Synthient founder Benjamin Brundage, who spent months gathering leaked credentials from countless sources across hacker forums and malware dumps. The dataset includes both older breach data and newly stolen information harvested through info-stealing malware, which quietly extracts passwords from infected devices.

According to Troy Hunt, Brundage provided the raw data while Hunt independently verified its authenticity.

To test its validity, Hunt used one of his old email addresses — one he already knew had appeared in past credential lists. As expected, that address and several associated passwords were included in the dataset.

After that, Hunt contacted a group of HIBP subscribers for verification. By choosing some users whose data had never appeared in a breach and others with previously exposed data, he confirmed that the new dataset wasn’t just recycled information — fresh, previously unseen credentials were indeed present.

HIBP has since integrated the exposed passwords into its Pwned Passwords service. Importantly, this database never links email addresses to passwords, maintaining privacy while still allowing users to check if their passwords are compromised.

To see if any of your current passwords have been leaked, visit the Pwned Passwords page and enter them. Your password is never sent to the server: the page hashes it in your browser and transmits only the first five characters of that hash, the server returns every hash suffix it holds in that range, and the comparison happens locally on your device (a technique known as k-anonymity).

If any password you use appears in the results, change it immediately. You can rely on a password manager to generate strong replacements, or use the free password generators offered by tools such as Bitwarden, LastPass, and Proton Pass.
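The "anonymity-preserving method" is k-anonymity over SHA-1 hash prefixes. As an added example, not from the original post, here is the range check written out in Python with an offline stand-in for the API so it runs without network access: the constructed `FAKE_RANGES` body contains the real SHA-1 suffix of the string `password` alongside made-up neighbours and a padding entry. The real endpoint is `https://api.pwnedpasswords.com/range/<prefix>`, and `live_range_lookup` calls it when a network is available. The same lookup doubles as the server-side screening of new passwords that the retailer post above recommends.

```python
"""k-anonymity password-exposure check (the Pwned Passwords range protocol).

Added example, not from the original post. Only the first five hex digits
of the password's SHA-1 hash leave the client; the server returns every
suffix it has in that range and the match is made locally.
"""
from __future__ import annotations

import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; padding entries (count 0) are dropped."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return {s: c for s, c in counts.items() if c > 0}


def exposure_count(password: str, range_lookup) -> int:
    """How often the password appears in the corpus (0 if absent).

    range_lookup(prefix) -> response body. The password never leaves this
    function; only the 5-character prefix is handed to the lookup.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(range_lookup(prefix)).get(suffix, 0)


def live_range_lookup(prefix: str) -> str:
    """Query the real API (needs network). Add-Padding makes every response
    a similar size so an observer of the TLS session learns nothing from it."""
    req = urllib.request.Request(RANGE_API + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline stand-in for the API: the range for SHA-1("password"),
# which begins 5BAA6, plus a made-up neighbour and a padding entry.
FAKE_RANGES = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824",  # real suffix of "password"; count is constructed
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",        # constructed neighbour
        "011053FD0102E94D6AE2F8B83D76FAF94F6:0",        # padding entry, must be ignored
    ]),
}


def fake_range_lookup(prefix: str) -> str:
    """Offline substitute for live_range_lookup (constructed data)."""
    return FAKE_RANGES.get(prefix, "0123456789ABCDEF0123456789ABCDEF012:1")


def screen_new_password(password: str, range_lookup=fake_range_lookup, max_hits: int = 0) -> bool:
    """Server-side screening for a registration or reset form: accept only
    passwords seen at most max_hits times in the corpus."""
    return exposure_count(password, range_lookup) <= max_hits


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", exposure_count(pw, fake_range_lookup), "hits; accepted:", screen_new_password(pw))
```

Swap `fake_range_lookup` for `live_range_lookup` to query the real service; the call pattern is identical because the protocol is the same.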

The single most important cybersecurity rule remains the same: never reuse passwords. When criminals obtain one set of login credentials, they try them across other platforms — an attack method known as credential stuffing. Because so many people still repeat passwords, these attacks remain highly successful.

Make sure every account you own uses a long, random, and unique password. Password managers and built-in password generators are the easiest way to handle this.

Even the best password may not protect you if it is stolen through a breach or malware. That is why two-factor authentication (2FA) is crucial. With a second verification step, the password alone is no longer enough to get in. An authenticator app is considerably stronger than SMS codes, and a security key also resists phishing, because it will not release a response to a look-alike site.

You should also safeguard your devices against malware using reputable antivirus tools on Windows, Mac, and Android. Info-stealing malware, often spread through phishing attacks, remains one of the most common ways passwords are siphoned directly from user devices.

If you’re interested in going beyond passwords altogether, consider switching to passkeys. These use cryptographic key pairs rather than passwords, making them unguessable, non-reusable, and resistant to phishing attempts.

Think of your password as the lock on your home’s front door: the stronger it is, the harder it is for intruders to break in. But even with strong habits, your information can still be exposed through breaches outside your control — one reason many experts, including Hunt, see passkeys as the future.

While it’s easy to panic after reading about massive leaks like this, staying consistent with good digital hygiene and regularly checking your exposure will keep you one step ahead of cybercriminals.

Digital Security Threat Escalates with Exposure of 1.3 Billion Passwords


One of the starkest reminders of how easily and widely digital risk spreads is the discovery of an extensive cache of exposed credentials, which underscores the persistent danger of password reuse and of the many breaches that never reach the public. Having only recently dealt with false claims of a large-scale Gmail compromise, which Google itself refuted, the cybersecurity community is once again faced with vast, attention-grabbing figures that are likely to create another round of confusion.

The newly discovered dataset contains roughly 2 billion email addresses and 1.3 billion unique passwords, of which 625 million had never previously been reported to the public breach repository. Troy Hunt, the founder of Have I Been Pwned, has said that he dislikes hyperbolic headlines about data breaches, but that this disclosure needs no exaggeration because the data speaks for itself.

The Synthient dataset was initially misreported as a breach of Gmail. It is in fact a compilation drawn from stealer logs and multiple past breaches, spanning more than 32 million unique email domains.

It is no surprise that Gmail appears more often than other providers: it is the world's largest email service. The collection, rather than recording a single event, is a very extensive set of compromised email and password pairs, exactly the material used in credential-stuffing attacks, where criminals automate login attempts with recycled passwords against banking, shopping, and other online accounts.

Besides highlighting the danger of unpublicised or smaller breaches, the discovery shows how billions of credentials exposed over years can be quietly aggregated and redirected to attackers. This cache is not the product of a single hack but of a massive aggregation of credentials from earlier attacks and from the logs of information-stealing malware, which is what makes credential-based attacks so effective.

A threat actor who exploits reused passwords can move between personal and corporate services, often turning one compromised login into an entry point to a much larger network. Many organisations still depend on password-only authentication, which leaves their business systems, cloud platforms, and administrative accounts exposed to anyone holding these credential lists.

The experts emphasised the importance of adopting stronger access controls as soon as possible, including the generation of unique passwords by trusted managers, the implementation of universal two-factor authentication, and internal checks to identify credentials which have been reused or have previously been compromised. 

To keep attackers from weaponising these massive datasets, enterprises must also enforce zero-trust principles, implement least-privilege access, and deploy automated defences against credential-stuffing attempts. When a single email account is compromised, the damage can cascade into financial, cloud or corporate breaches, because email serves as the hub for account recovery and for access to linked services.

Since billions of credentials are in circulation, both individuals and businesses need to take a proactive approach to authentication, modernise their security architecture, and treat every login as a potential entry point for attackers. The dataset is also notable for its sheer magnitude: it is the largest collection Have I Been Pwned has ever taken on, nearly triple the volume of its previous largest load.

The collection was compiled by Synthient, a threat-intelligence initiative run by a college student, from the many sources where cybercriminals publish stolen credentials. It combines two types of compromised data: stealer logs gathered by malware on infected computers, and large credential-stuffing lists compiled from earlier breaches, which are combined, repackaged and traded repeatedly on underground networks.

To process the material, HIBP ran its Azure SQL Hyperscale environment, 80 processing cores, at full capacity for almost two weeks. Troy Hunt described the integration as extremely challenging, requiring extensive database optimisation to load the new records into a repository of more than 15 billion credentials while maintaining uninterrupted service for millions of people every day.

With billions of credential pairs circulating freely between attackers, researchers warn that passwords alone provide far less protection than they once did. One of the most striking results was that of HIBP's 5.9 million subscribers, people who actively monitor their exposure, nearly 2.9 million appeared in the latest compilation. This underscores the reach of credential-stuffing troves. The consequences are especially severe for the healthcare industry.

IBM's 2025 Cost of a Data Breach Report puts the average cost of a healthcare breach at $7.42 million, and a successful credential attack on a medical employee may give threat actors access to electronic health records, patient information, and systems holding protected health information, with consequences that go well beyond financial loss.

Credential exposure is increasingly outpacing traditional security measures, so this study serves as a decisive reminder to modernise digital defences before attackers exploit the gap. Organisations should move towards passwordless authentication, continuous monitoring, and adaptive risk-based access, while individuals should treat the upkeep of their credentials as essential rather than optional.

Ultimately, one thing is clear: in a world where billions of credentials circulate unchecked, the key to resilience is to anticipate breaches by strengthening the architecture, optimising the authentication process and maintaining security awareness instead of reacting to them after a breach takes place.

PayPal Password Leak Puts Millions of Users on High Alert

Reports that millions of PayPal accounts are being traded on underground forums have raised a new wave of alarm in the ever-evolving landscape of cybercrime. A hacker using the moniker “Chucky_BF” has advertised what he claims is a dataset of 15.8 million PayPal accounts for the startlingly low price of $750 USD.

The trove, widely discussed on social media, allegedly consists of a 1.1 gigabyte text file of plaintext email and password combinations, ready for immediate malicious use. According to the hacker, the records cover a wide range of email providers, such as Gmail, Yahoo and Hotmail, suggesting that the victims are spread around the globe.

More concerning is the inclusion of PayPal-specific login URLs and mobile URIs, which appear to be structured to facilitate automated abuse. The stolen credentials are organised alongside direct links to PayPal sign-in paths, for example /signin, /signup and /connect, and to Android application URIs, in a way that makes them easy for cybercriminals to deploy as a toolkit.

Screenshots of the offer circulating online show rows of raw email:password:url entries, a layout commonly used in underground credential dumps. Although the authenticity of the data has not been confirmed, its structured nature and low asking price raise concerns that it could rapidly be acquired by cybercriminals eager to exploit any portion of it.
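To see what an analyst would do with a sample like this, the following added example (not part of the original post) parses constructed `email:password:url` lines, tolerating colons inside passwords, deduplicates them, and summarises the email-provider mix and the targeted paths. The Android entry uses the `android://<hash>@<package>/` convention of browser-style stealer logs, which is an assumption here, and `brand_share` is a simple heuristic for the repackaging question discussed below: a dump that truly came from one company's servers would point only at that company.

```python
"""Triage of an 'email:password:url' combolist (constructed sample data).

Added example, not from the original post. The sample lines are constructed
to match the page's description; the Android URI form
'android://<hash>@<package>/' is assumed from browser-style stealer logs.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# The password is matched lazily so colons inside it do not break parsing;
# the URL must be the final field and start with a recognised scheme.
LINE_RE = re.compile(
    r"^(?P<email>[^:\s@]+@[^:\s@]+):(?P<password>.*?):(?P<url>(?:https?|android)://\S+)$"
)

SAMPLE = """\
alice@gmail.com:Summer2024!:https://www.paypal.com/signin
bob@yahoo.com:p:ass:word:https://www.paypal.com/signup
carol@hotmail.com:hunter2:https://www.paypal.com/connect
dave@gmail.com:letmein:android://Zm9vYmFy@com.paypal.android.p2pmobile/
alice@gmail.com:Summer2024!:https://www.paypal.com/signin
erin@gmail.com:Winter!25:https://shop.example.net/login
not a credential line at all
"""


@dataclass(frozen=True)
class Record:
    email: str
    password: str
    url: str

    @property
    def domain(self) -> str:
        return self.email.rsplit("@", 1)[1].lower()

    @property
    def target(self) -> str:
        """host + path for web URLs; 'app:<package>' for Android app URIs."""
        u = urlparse(self.url)
        if u.scheme == "android":
            return "app:" + u.netloc.rsplit("@", 1)[-1]
        return (u.hostname or "").lower() + u.path.rstrip("/")


def parse_combolist(text: str) -> tuple[list[Record], int]:
    """Return (unique records in first-seen order, count of unparseable lines)."""
    seen, records, bad = set(), [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            bad += 1
            continue
        rec = Record(m["email"].lower(), m["password"], m["url"])
        if rec not in seen:
            seen.add(rec)
            records.append(rec)
    return records, bad


def summarize(records: list[Record]) -> dict[str, Counter]:
    """Provider mix (who to notify) and targeted endpoints (what the seller bundled)."""
    return {
        "by_email_domain": Counter(r.domain for r in records),
        "by_target": Counter(r.target for r in records),
    }


def brand_share(records: list[Record], brand: str) -> float:
    """Fraction of entries whose target mentions the brand. A dump lifted from
    one company's servers scores 1.0; a filtered stealer-log repack scores
    below that unless the seller stripped every other site."""
    if not records:
        return 0.0
    return sum(1 for r in records if brand in r.target) / len(records)


if __name__ == "__main__":
    recs, bad = parse_combolist(SAMPLE)
    print(f"{len(recs)} unique records, {bad} unparseable line(s)")
    print(summarize(recs))
    print("share pointing at paypal:", brand_share(recs, "paypal"))
```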

A buyer could use a dataset like this as the foundation for credential-stuffing attacks, phishing campaigns, or large-scale fraud against PayPal users across multiple countries.

The hacker's claims have drawn attention not just because of the numbers but because PayPal is a trusted platform for millions of businesses and individuals worldwide. For a central player in the global digital-payments ecosystem, even unverified reports of a massive leak raise immediate questions about potential financial loss, reputational damage, and the security of user identities in an increasingly hostile environment.

It is important to note, however, that while the alleged dataset has made headlines, experts emphasise that careful analysis is needed. There is no evidence that PayPal's own systems were breached to produce these records. The distinction matters because previous incidents involving PayPal, such as the one affecting around 35,000 users, were attributed to credential stuffing with previously stolen data, not to flaws in PayPal's infrastructure.

If the claims made by "Chucky_BF" are accurate, the dataset more likely originates from infostealer malware infections than from PayPal's servers. Infostealers are malicious programs that infect computers and mobile devices, typically delivered through phishing emails, malicious downloads, or compromised websites.

Once inside, the malware silently extracts stored login information, browser history, cookies, and autofill data and sends it to the criminals. The samples the hacker shared, with PayPal login URLs and Android URIs attached to each credential pair, support this theory: rather than a centralised dump from PayPal's systems, the dataset appears to gather stolen logs from compromised personal devices all over the world, filtered and restructured to appear as if it had been taken from PayPal.

Rebranding or repackaging stolen data is common in cybercrime markets, where a recognisable brand raises the perceived value of a listing. Recent discoveries reinforce this picture: in May 2025, cybersecurity researcher Jeremiah Fowler identified 184 million login credentials, including unique usernames and passwords, exposed on a misconfigured cloud server.

Like the alleged PayPal credentials, those records were almost certainly harvested by infostealer malware rather than taken in a direct company breach. Information-stealing malware is extremely destructive. Hudson Rock's research has found that such malware is not only readily available on the dark web but has successfully infiltrated critical institutions as well as individual users.

That analysis found infostealer infections on devices belonging to employees of some of the most sensitive organisations in the United States, including the Pentagon, Lockheed Martin, Honeywell, branches of the military, and even the FBI. If institutions with robust security frameworks can be compromised this way, consumers are at least as vulnerable to threats they are unaware of or unable to protect themselves from.

PayPal users face immediate and multifaceted risks. Even if parts of the data are fabricated or recycled, millions of real credentials are still in circulation. Cybercriminals can use them to launch credential-stuffing attacks, testing stolen email and password pairs across many platforms in search of accounts where they still work. Because most people reuse the same login details across financial, e-commerce, and social platforms, a compromised PayPal login can open the door to a much wider set of accounts.

Beyond direct financial theft, structured datasets like this enable phishing campaigns that mimic PayPal login pages to lure victims into handing over updated credentials, and tailored social-engineering scams that exploit trust in financial institutions. If the data is authentic and used at scale, the resulting fraud and recovery costs could be substantial.

As of the time of writing, PayPal has not confirmed or denied the authenticity of the dataset. HackRead.com, which reported the sale, was also unable to independently confirm the claims. I have contacted the company to get their opinion, and I anticipate that any confirmation or rebuttal would affect the level of response its global user base will require. Cybersecurity experts, however, do not suspend their vigilance while an unverified leak is making headlines.

In cases like this, it is prudent for users to assume the worst and take proactive measures. Analysts recommend that all PayPal users immediately:

  • Reset their PayPal password to a strong, unique one.
  • Enable multi-factor authentication (MFA), ideally through an authenticator app rather than SMS.
  • Check linked email accounts for unusual login activity.
  • Use a password manager to avoid reusing credentials across platforms.
  • Run updated antivirus and anti-malware scans on their devices to detect possible infections.
  • Monitor financial transactions closely and enable alerts for suspicious payments.
  • Consider identity-theft protection services, particularly if they conduct significant business via PayPal.

Experts also stress the importance of overall digital hygiene. With infostealer malware now one of the most potent and pervasive cyberthreats, they advise updating software regularly, browsing cautiously, and treating unsolicited emails and downloads with scepticism.

Businesses, especially those relying heavily on PayPal for e-commerce, can significantly reduce their risk with endpoint protection and employee training. The alleged theft of PayPal credentials is a stark reminder of how fragile the trust that underpins e-commerce is.

Even if PayPal itself has not been breached, the reputational fallout lands on its brand and its users. With cybercrime marketplaces expanding, stolen or recycled data will continue to be retrieved, repackaged, and sold to eager buyers for the foreseeable future.

Staying ahead of attackers requires proactive security. Whether the 15.8 million credentials advertised by “Chucky_BF” represent a genuinely new breach, a compilation of stolen logs, or simply a rebranded dump of older leaks, the underlying issue is the same: in today's digital economy, personal data is a commodity and vigilance is not optional; it is the price of taking part.

The lesson is clear: do not wait for confirmation before changing your password; do it now. Incidents like the alleged sale of PayPal credentials underscore that security is no longer an optional layer but a fundamental responsibility of everyone in the online economy. Beyond immediate countermeasures such as password resets and multi-factor authentication, users need a mindset of continuous cyber-resilience.

Digital accounts deserve the same care as physical assets. That means paying attention to how threats evolve and using tools that go beyond basic hygiene to detect compromised credentials early, such as hardware security keys, zero-trust authentication models, and regular dark-web monitoring.

In an environment where a brand's reputation is fragile, cybersecurity awareness has to be part of daily operations, especially for small businesses that rely heavily on platforms like PayPal. Embedding it into everyday practice protects revenue and strengthens customer trust.

Layered defences, applied proactively, give individuals confidence that they are not perpetually exposed to unseen adversaries while transacting, communicating, and operating online. Cybersecurity may look complicated, but at heart it is the discipline of foresight, vigilance, and accountability that keeps digital trust intact.

Massive Password Breach Fuels Rise of Automated Credential-Stuffing Attacks


If you’re still relying solely on passwords to protect your digital life, this might be your wake-up call. A surge in infostealer malware has compromised billions of credentials, with 85 million fresh passwords now actively being used in cyberattacks. And even with two-factor authentication (2FA), you're not necessarily safe — hackers are leveraging stolen session cookies to bypass 2FA protections entirely.

This threat has escalated with the emergence of a sophisticated hacking tool: Atlantis AIO. A recent threat intelligence report by Abnormal Security warns that this automated credential-stuffing machine is exploiting stolen credentials to infiltrate everything from email and VPNs to streaming and food delivery services.

“Atlantis AIO has emerged as a powerful weapon in the cybercriminal arsenal,” Abnormal Security analysts said, “enabling attackers to test millions of stolen credentials in rapid succession.”

Credential stuffing isn’t a new concept — but it’s becoming more dangerous. Cybercriminals are constantly refining tools to make these attacks more efficient. In a previous report from March 15, internal chat logs from the Black Basta ransomware group exposed how an automated brute-force attack system was being used to infiltrate accounts.

Both brute-force and credential-stuffing attacks work by bombarding accounts with endless combinations of usernames and passwords. By leveraging databases of breached credentials from the dark web and criminal forums, hackers can easily gain access to multiple accounts that share reused passwords.

What sets Atlantis AIO apart is its plug-and-play structure. It offers pre-configured modules tailored to target over 140 different platforms — from popular email providers like Hotmail, Yahoo, AOL, GMX, and Web.de, to VPNs, streaming platforms, banking apps, and food delivery services.

The message is clear: if you're still reusing passwords, it's time to rethink your security habits. Passwords alone are no longer enough to stay safe online.

Malicious Actors Employ Atlantis AIO to Target 140+ Platforms


A new cybercrime platform dubbed 'Atlantis AIO' provides automatic credential stuffing against 140 internet platforms, including email, e-commerce, banking, and VPNs. Atlantis AIO includes pre-configured modules for performing brute force assaults, bypassing CAPTCHAs, automating account recovery operations, and monetising stolen credentials/accounts. 

Credential stuffing and automation 

Credential stuffing is a type of cyberattack in which attackers utilise a list of credentials (usernames and passwords) stolen or acquired via leaked data breaches to gain access to accounts on sites.

If the credentials match and the account is not safeguarded by multi-factor authentication, they can take over the account, shut out the legitimate owner, and then abuse or resell it to others. This type of attack is common and ubiquitous, with major credential-stuffing attacks happening every day. 

Over time, these attacks have had an impact on businesses and services such as Okta, Roku, Chick-fil-A, Hot Topic, PayPal, PetSmart, and 23andMe. Credential stuffing assaults are regularly carried out by malicious actors using free tools such as Open Bullet 2 and SilverBullet, as well as prepackaged "configs" available on cybercrime forums. 

Credential stuffing as a service 

Atlantis AIO is a new Credential Stuffing as a Service (CSaaS) platform that enables attackers to pay for a membership and automate such operations.

Abnormal Security identified the cybercrime service Atlantis AIO, which says that it can target over 140 online services globally. Hotmail, AOL, Mail.ru, Mail.com, Gmx, Wingstop, Buffalo Wild Wings, and Safeway are among the services being targeted. Atlantis AIO is a modular tool that allows cybercriminals to launch targeted assaults. Its three major modules are: 

  • Email account testing: Automates brute-force and takeover efforts on popular email services such as Hotmail, Yahoo, and Mail.com, allowing cybercriminals to take control of accounts and access inboxes for phishing or data theft. 
  • Brute force assaults: Rapidly cycles through common or weak passwords on targeted platforms in order to breach accounts with poor password management. 
  • Account recovery: Exploits account recovery processes (for example, on eBay and Yahoo), bypasses CAPTCHAs, and automates takeovers using programs such as "Auto-Doxer Recovery" for faster and more efficient credential exploitation.

When cybercriminals gain access to accounts, they frequently sell them in bulk, posting hundreds or even thousands of compromised accounts for sale on underground forums. Other threat actors set up stores to sell stolen accounts for as little as $0.50 per account. 

Prevention tips 

You can prevent credential stuffing attacks by using multi-factor authentication and strong, unique passwords on all websites where you have accounts. Even if credentials are compromised, threat actors will be unable to log in without also acquiring the MFA factor, which is why multi-factor authentication is so important.

If online services notify you of logins from unusual places or you receive unexpected emails requesting a password reset, you should immediately investigate whether your credentials were compromised. Websites can help prevent these attacks by introducing rate limiting and IP throttling, using complex CAPTCHA puzzles, and monitoring for unusual behaviour patterns.
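The "unusual behaviour patterns" mentioned above have a recognisable shape in authentication logs: a credential-stuffing source tries many distinct usernames about once each (a breach list), while a brute-force source hammers one or two usernames with many guesses. The following is an added example, not code from the original post or from any vendor named here; the log format, IP addresses, usernames and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log lines: "<timestamp> <source ip> <username> <SUCCESS|FAIL>"
SAMPLE_LOG = """\
2025-11-20T10:00:01 203.0.113.7 alice FAIL
2025-11-20T10:00:01 203.0.113.7 bob FAIL
2025-11-20T10:00:02 203.0.113.7 carol SUCCESS
2025-11-20T10:00:02 203.0.113.7 dave FAIL
2025-11-20T10:00:03 203.0.113.7 erin FAIL
2025-11-20T10:00:10 198.51.100.9 admin FAIL
2025-11-20T10:00:11 198.51.100.9 admin FAIL
2025-11-20T10:00:12 198.51.100.9 admin FAIL
2025-11-20T10:00:13 198.51.100.9 admin FAIL
2025-11-20T10:00:14 198.51.100.9 admin FAIL
2025-11-20T10:01:00 192.0.2.44 grace FAIL
2025-11-20T10:01:05 192.0.2.44 grace SUCCESS
"""

def parse(log_text):
    """Group attempts by source IP into a list of (username, succeeded)."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            _ts, ip, user, outcome = line.split()
            by_ip[ip].append((user, outcome == "SUCCESS"))
    return by_ip

def classify(attempts, min_attempts=5, distinct_ratio=0.8, min_fail_rate=0.5):
    """Label one source's attempts; thresholds are constructed for this example."""
    total = len(attempts)
    fail_rate = sum(1 for _, ok in attempts if not ok) / total
    if total < min_attempts or fail_rate < min_fail_rate:
        return "normal"
    # Many distinct accounts, about one try each: a breached credential list.
    if len({user for user, _ in attempts}) / total >= distinct_ratio:
        return "credential_stuffing"
    # Few accounts, many tries each: password guessing.
    return "brute_force"

def detect(log_text):
    """Map each source IP to its classification."""
    return {ip: classify(a) for ip, a in parse(log_text).items()}

def likely_compromised(log_text):
    """Accounts that logged in successfully from a stuffing source: reset these."""
    by_ip = parse(log_text)
    return sorted({user for attempts in by_ip.values()
                   if classify(attempts) == "credential_stuffing"
                   for user, ok in attempts if ok})
```

A SUCCESS from a source classified as stuffing is the signal that matters operationally: that account was very likely reused elsewhere and should get a forced password reset and an MFA prompt, which is exactly the response Roku and 23andMe describe below.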

Roku Security Breach Exposes Over 500,000 User Accounts to Cyber Threats

Streaming giant Roku has disclosed a significant security breach affecting over half a million user accounts. Following an earlier data breach, Roku has uncovered additional compromised accounts, bringing the total to approximately 576,000 affected users.

Security Breach Details

Last month, Roku announced that around 15,000 customers might have had their sensitive information, including usernames, passwords, and credit card details, stolen by hackers. These stolen credentials were then utilised to gain unauthorised access to other streaming platforms and even to purchase streaming gear from Roku's website. Subsequently, the compromised Roku accounts were sold on the dark web for a mere $0.50 each.

Method of Attack

The hackers employed a tactic known as "credential stuffing" to gain access to the compromised accounts. This method relies on using stolen usernames and passwords from other data breaches to gain unauthorised access to accounts on unrelated services. It highlights the importance of avoiding password reuse across different platforms, no matter how convenient a single go-to password may seem.

Proactive Measures by Roku

Roku took proactive steps in response to the security incidents. While investigating the initial breach, the company discovered a second similar incident affecting over 500,000 additional accounts. Roku clarified that there is no evidence indicating that its own systems were directly compromised. Instead, the hackers likely obtained the credentials from external sources, such as previous data breaches or leaks.

Protecting Your Roku Account

To safeguard users' accounts, Roku has implemented several measures. Firstly, the company has reset the passwords for all affected accounts and initiated direct notifications to affected customers. Additionally, Roku is refunding or reversing any unauthorised charges made by hackers. Furthermore, two-factor authentication (2FA) has been enabled for all Roku accounts, adding an extra layer of security.

User Precautions

Despite Roku's efforts, users are advised to take additional precautions. It's crucial to use strong, unique passwords for each online account, including Roku. Password managers can assist in generating and securely storing complex passwords. Additionally, users should remain watchful for any suspicious activity on their accounts and monitor their bank statements closely.

As Roku continues its investigations, users are urged to stay cautious online. There's a possibility of hackers attempting targeted phishing attacks using stolen information. Therefore, users should exercise caution when interacting with emails purportedly from Roku and verify the authenticity of any communication from the company.

The recent security breaches underscore the critical need for strong cybersecurity practices by both companies and users. While Roku has taken considerable steps to address the issue, users must remain proactive in protecting their accounts from potential threats. Stay informed and take the necessary precautions to safeguard your online accounts.

What are 'Credential Stuffing' Attacks and 2-Step Verification?

In the Light of the 23andMe Security Incident

Following up on the recent security breach of 23andMe that affected around 14,000 customer accounts, the incident highlighted a tactic known as "credential stuffing," in which unauthorized access is gained using known passwords, typically sourced from previous data breaches.

According to a new filing, the information, which typically encompassed details about ancestry and, in some cases, health-related data derived from users' genetics, was acquired through a credential-stuffing attack. In this type of cyber attack, hackers leverage login details obtained from previously breached websites to gain unauthorized access to users' accounts on other platforms.

The threat actor not only breached individual accounts but also accessed numerous files containing profile information about other users' ancestry. These files were originally shared by users who opted in to 23andMe's DNA Relatives feature, and the compromised information was subsequently posted online by the attackers. 

Let's Understand 'Credential Stuffing' 

Credential stuffing is a cyber attack method in which attackers use automated tools to systematically and rapidly input large volumes of username and password combinations (credentials) into online login forms. These credentials are typically obtained from previous data breaches or leaks on other websites or services. 

The attack relies on the fact that many people reuse the same username and password across multiple online platforms. When attackers acquire a list of compromised credentials, they use automated tools to "stuff" or try these credentials on various websites, hoping to gain unauthorized access to user accounts. The success of credential stuffing attacks depends on the prevalence of password reuse among users. 

To protect against such attacks, individuals must use unique passwords for different online accounts, and organizations must implement security measures such as multi-factor authentication (MFA) to add an extra layer of protection.

23andMe Holding Co., headquartered in South San Francisco, California, is a prominent player in the field of personal genomics and biotechnology. Renowned for its direct-to-consumer genetic testing service, the company invites customers to submit a saliva sample for laboratory analysis. Through single nucleotide polymorphism genotyping, the genetic data is deciphered to produce comprehensive reports on the customer's ancestry and predispositions to health-related conditions. 

This innovative approach has positioned 23andMe as a key player in the dynamic landscape of genetic testing, offering individuals valuable insights into their genetic makeup. The company also said that once the hackers got into those accounts, they could see many files containing information about other users' family backgrounds. These were users who had chosen to share details through 23andMe's DNA Relatives feature. However, the company did not say exactly how many such files there were or how many "other users" were impacted.

Following the breach, 23andMe took swift action by advising users to reset their passwords. Additionally, the company strongly recommended the adoption of multi-factor authentication as a vital measure to boost security. By November 6, 23andMe escalated its security measures, making it mandatory for all users to enable two-step verification, providing an extra layer of defense for user accounts. 

What is 2-Step Verification and How Does it Prevent Credential Stuffing Attacks? 

Two-step verification (2SV) is an authentication method that adds an extra layer of security to the login process. Users must provide a second form of verification, such as a temporary code sent to their phone, in addition to the usual password. 

This additional step significantly reduces the risk of credential-stuffing attacks. Even if attackers acquire login credentials from one source, they would still need the second verification factor to access the account. 2SV serves as a crucial deterrent, enhancing overall security and making unauthorized access through automated credential-stuffing techniques far more difficult.