Threat Minute: What is Credential Stuffing and How Do You Protect Against It?
In today's threat briefing, I want to discuss credential stuffing.
Video sharing platform Daily Motion recently announced that they suffered a credential stuffing attack, which led to multiple accounts getting compromised. Let’s explore what credential stuffing is and how to protect yourself against it.
What is Credential Stuffing?
Credential stuffing is a type of cyber attack where hackers use usernames and passwords that they might have downloaded from other websites or the deep web. Or, maybe they bought it off the black market from one of the recent data breaches. They use those usernames and passwords to gain illegal access to other user accounts on other websites.
Data Breaches are the New Normal
Daily Motion isn't the only company that has suffered this type of attack. High profile social news site Reddit also recently announced that they had many accounts suffer the same type of credential stuffing attack where their users were compromised. With data breaches becoming the new normal, this is a natural progression for what is to come. Enterprises and everyday people need to protect themselves.
Three Ways to Protect Against Credential Stuffing
- The easiest way to protect yourself from credential stuffing is: don't reuse passwords.
- Use a password manager to help you manage your passwords. These tools help you create a unique and strong password for every website and login. They are really easy to download and use. Plus, they're all over the place, and there are some good ones out there.
- Enable two factor authentication for any system or site that supports it. Two-factor authentication is a method that uses multiple (two) different factors to verify and confirm a user’s claimed identity. Typically, users are asked for something they have and also for something they know. For instance, the system may ask a bank customer for their ATM card (something they have) as well as for their account pin number (something they know).
That's all! Thanks for watching today's threat briefing. I'll see you next time.
Masergy Managed Security Services
Today’s threat landscape requires a rigorous approach to cyber security that goes beyond prevention to include rapid detection and response. Masergy’s Managed Security solutions offer comprehensive managed detection and response services on a global scale, tailored to meet any budget. When you need to take the workload off of your staff, Masergy can help you optimize your security resources and improve outcomes.