{"id":20744,"date":"2020-06-23T16:44:43","date_gmt":"2020-06-23T20:44:43","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=20744"},"modified":"2022-04-27T14:50:29","modified_gmt":"2022-04-27T18:50:29","slug":"credential-stuffing","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/credential-stuffing\/","title":{"rendered":"Major Data Breaches &#038; Credential Stuffing: What You Need To Know"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">It seems that large commercial database breaches come along with disturbing regularity these days. However, both the frequency and the size of these occurrences seem to make people feel <\/span><i><span style=\"font-weight: 400;\">less <\/span><\/i><span style=\"font-weight: 400;\">alarmed than perhaps they should. One thing that\u2019s difficult for individuals to imagine is how hackers can actually make use of the vast amount of name and password data they steal.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cCredential stuffing\u201d is the technique that\u2019s used to take vast amounts of leaked data and use it to gain entry to sites that can provide immediate financial rewards, or future leverage for blackmail or other techniques.\u00a0<\/span><\/p>\n<h3><b>How Credential Stuffing Works<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">\u201cThe process begins with data, usually leaked from large, corporate breaches. But it\u2019s important to note that there\u2019s also a rapidly-growing\u00a0 secondary market for this data,\u201d says PSafe\u2019s Director of Cybersecurity at dfndr lab, Emilio Simoni. 
\u201cNow there are even mega-collections \u2014 huge aggregations of breached data, that are being re-sold or offered for free downloads on dark web marketplaces.\u00a0 Some of these have hundreds of millions of password username combinations.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To bypass website security protocols, hackers use tools designed to make attempts appear to be coming from a wide variety of different IP addresses, and simply storm as many commercial sites as they can (where credit card or bank account information, for example, might be stored).\u00a0 \u201cThey may be successful as few as 0.1% of attempts,\u201d Simoni explains, \u201cbut when they\u2019re working with hundreds of millions of identity assets, the math works out in their favor.\u201d\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once the hackers have gained entry, they can take over the account and make use of it, either by using financial resources or by stealing more personal data to use in subsequent attacks.<\/span><\/p>\n<h3><b>How To Protect Yourself<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">As crafty and sophisticated as hackers\u2019 use of technology has become, and as common as major breaches seem to be, the good news about credential stuffing is that it\u2019s relatively easy to protect yourself from damage. \u201cWe recommend three fundamental steps to all of our customers,\u201d says Simoni, \u201cpractice good password hygiene; use two factor authentication whenever possible, and protect yourself with a solid ID Theft prevention solution.\u201d<\/span><\/p>\n<p><b>Password Hygiene: <\/b><span style=\"font-weight: 400;\">Never use the same password for more than one site. You can use many free services to generate strong passwords for you, and make sure that your passwords are kept up to date on every site. 
This way, if a social site gets hacked, your password for your bank account isn\u2019t in danger.\u00a0<\/span><\/p>\n<p><b>Two-Factor Authentication:<\/b><span style=\"font-weight: 400;\"> Most financial and major social sites now offer two-factor authentication (usually with an option to send a code via text to your phone).\u00a0 Use these protocols whenever they\u2019re available.<\/span><\/p>\n<p><b>ID Theft Protection:<\/b><span style=\"font-weight: 400;\"> \u201cHaving an early warning system for identity thefts and data breaches is a great way to stay ahead of hackers,\u201d Simoni explains. \u201cThis is why our dfndr PRO product offers a feature that allows you to scan globally to see if your data has been breached, and lets you know where and when if it does discover a breach.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With breaches occurring with increasing frequency, perhaps the way to stay ahead of the hacker-security cat-and-mouse game is to have a searchlight ability to know the status of <\/span><i><span style=\"font-weight: 400;\">your personal data<\/span><\/i><span style=\"font-weight: 400;\"> at any time. With dfndr installed on your phone, you have one free ID Theft scan, so you can test it now if you like.\u00a0 dfndr security PRO also has other important safety features, like a Safe App Scanner to protect you from malicious (data stealing) apps, and Anti-Theft features that help you locate and control your mobile device if it gets lost or stolen.\u00a0\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/go.onelink.me\/U4Bc?pid=MKT_BLOG_US&amp;amp;c=credential-stuffing\"><strong>If you want to be fully protected, we suggest that you download dfndr security now. 
Just click here!<\/strong><\/a><\/p>\n<p><span style=\"font-weight: 400;\">In the meantime, make sure you have strong passwords, and different passwords on every site, and deploy two-factor authentication wherever you can.\u00a0 At PSafe, we\u2019ll continue to keep you apprised of the many ways hackers are trying to make your life miserable &#8212; and the best ways you can return the favor!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As crafty and sophisticated as hackers\u2019 use of technology has become, and as common as major breaches seem to be, the good news about credential stuffing is that we have the solution.<\/p>\n","protected":false},"author":83,"featured_media":20747,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[1],"tags":[12440,12441],"class_list":["post-20744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-credential-stuffing","tag-dfndr-security-pro"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/20744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=20744"}],"version-history":[{"count":6,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/20744\/revisions"}],"predecessor-version":[{"id":20751,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/20744\/revisions\/20751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media\/20747"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/e
n\/blog\/wp-json\/wp\/v2\/media?parent=20744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=20744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=20744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}