Online Shoppers Could Face Eight Million Credential Stuffing Attacks Per Day Over Christmas

Online shoppers in the UK will be hit by up to eight million credential stuffing attacks per day in the Christmas period, according to a new analysis by Arkose Labs.

The worrying prediction was made following a massive spike in this attack vector, largely due to the shift to online shopping during COVID-19. Arkose researchers observed more than two billion credential stuffing from October 2020 to September 2021, representing a 98% increase on the previous year. Astonishingly, they found this activity made up 5% of all online traffic in the first half of 2021.

According to the analysts, credential stuffing rose by 56% during last year's Christmas and New Year shopping period. This enabled them to calculate that consumers will face up to eight million attacks every day in the same period this year.

Credential stuffing is where fraudsters attempt to gain unauthorized access to consumers’ financial and personal accounts by automating known stolen username and password combinations across multiple sites. Once inside, the attackers can monetize the account in numerous ways. These include draining compromised accounts of funds, stealing and reselling personal data, selling lists of known verified username and password combinations and using the compromised accounts to launder money gained from other illegal enterprises. The success of this tactic has been exacerbated by common password reuse among online users.

The study found that sectors most often targeted by credential stuffing attacks were gaming, digital and social media and financial services. In fact, nearly 50% of all attacks targeting the gaming industry were credential stuffing.

Interestingly, the UK ..

Support the originator by clicking the read the rest link below.