Categories: Uncategorized

Major Data Breaches & Credential Stuffing: What You Need To Know

It seems that large commercial database breaches come along with disturbing regularity these days. However, both the frequency of these occurrences and the size of them, seem to have a tendency to make people feel less alarmed than perhaps they should. One of the things that’s difficult for individuals to imagine is how hackers can actually make use of the vast amount of name and password data they steal.  

“Credential stuffing” is the technique that’s used to take vast amounts of leaked data and use it to gain entry to sites that can provide immediate financial rewards, or future leverage for blackmail or other techniques. 

How Credential Stuffing Works

“The process begins with data, usually leaked from large, corporate breaches. But it’s important to note that there’s also a rapidly-growing  secondary market for this data,” says PSafe’s Director of Cybersecurity at dfndr lab, Emilio Simoni. “Now there are even mega-collections — huge aggregations of breached data, that are being re-sold or offered for free downloads on dark web marketplaces.  Some of these have hundreds of millions of password username combinations.”

To bypass web-site security protocols, hackers use tools designed to make attempts appear to be coming from a wide variety of different IP addresses, and simply storm as many commercial sites as they can (where credit card or bank account information, for example, might be stored.  “They may be successful as few as 0.1% of attempts,” Simoni explains, “but when they’re working with hundreds of millions of identity assets, the math works out in their favor.” 

Once the hackers have gained entry, they can take over the account and make use of it, either by using financial resources, or stealing more personal data to use in subsequent attacks.

How To Protect Yourself

As crafty and sophisticated as hackers’ use of technology has become, and as common as major breaches seem to be, the good news about credential stuffing is that it’s relatively easy to protect yourself from damage. “We recommend three fundamental steps to all of our customers,” says Simoni, “practice good password hygiene; use two factor authentication whenever possible, and protect yourself with a solid ID Theft prevention solution.”

Password Hygiene: Never use the same password for more than one site. You can use many free services to generate strong passwords for you, and make sure that your passwords are kept up to date on every site. This way, if a Social Site gets hacked, your password for your bank account isn’t in danger. 

Two Factor Authentication: Most financial and major social sites now offer two-factor authentication (usually with an option to send a code via-text to your phone).  Use these protocols whenever they’re available.

ID Theft Protection: “Having an early warning system for identity thefts and data breaches is a great way to stay ahead of hackers,” Simoni explains. “This is why our dfndr PRO product offers a feature that allows you to scan globally to see if your data has been breached, and lets you know where and when if it does discover a breach.”

With breaches occurring with increasing frequency, perhaps the way to stay ahead of the hacker-security cat-and-mouse game is to have a searchlight ability to know the status of your personal data at any time. With dfndr installed on your phone, you have one free ID Theft scan, so you can test it now if you like.  dfndr security PRO also has other important safety features, like a Safe App Scanner to protect you from malicious (data stealing) apps, and Anti-Theft features that help you locate and control your mobile device if it gets lost or stolen.  

If you want to be fully protected, we suggest that you download dfndr security now. Just click here!

In the meantime, make sure you have strong passwords, and different passwords on every site, and deploy two factor authentication wherever you can.  At Psafe, we’ll continue to keep you apprised of the many ways hackers are trying to make your life miserable — and the best ways you can return the favor!

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago