Increase in Credential Stuffing Attacks - Cyber and Fraud Centre

Multi-Factor authentication provider Okta has identified a considerable increase in credential stuffing attacks on their users in their 2022 State of Secure Identity Report. In the first 90 days of 2022, Okta saw almost 10 billion credential stuffing events on its multi-factor authentication platform. This resulted in 34% of all login traffic coming from these attacks, a considerable jump from 2021, where credential stuffing attacks amassed only 16.5% of all of Okta’s login traffic.

Credential stuffing attacks are a form of cyber attack that takes advantage of password reuse. Threat actors take username and password combinations from data breaches and attempt to log in to other major sites using the credentials, typically with the help of bots. Accounts that have reused the same password can be easily compromised in these attacks, especially if they don’t enable multi-factor authentication.

*Credential stuffing diagram. Source:* *https://assets.ctfassets.net/2ntc334xpx65/5B8jmyTUmE1P6SDCaBh8mz/3062de705791d0e2aec249022ff50840/The_State_of_Secure_Identity_2022_Auth0.pdf*

Okta noted that the industries targeted the most with credential stuffing attacks are retail/eCommerce, financial services, and entertainment. Malicious actors may target these industries the most because they typically hold users’ banking details and therefore are a high-value target for cybercriminals.

However, these industries are not the only ones regularly targeted by credential stuffing attacks. Teachers and parents may recall the recent hacking of the primary school education app Seesaw, which is used to share children’s work in the classroom and provide a communication platform between parents and teachers. The organisation reported suffering from a credential stuffing attack, which compromised individual accounts. The hackers then used these accounts to send links containing inappropriate images to other parents’ accounts. School districts were affected across the US and UK, with the attack even reaching parents in Fife.

*The amount of credential stuffing attack attempts by industry during the first 90 days of 2022. Source:* *https://assets.ctfassets.net/2ntc334xpx65/5B8jmyTUmE1P6SDCaBh8mz/3062de705791d0e2aec249022ff50840/The_State_of_Secure_Identity_2022_Auth0.pdf*

Preventions:

The best way to prevent any of your accounts from being compromised in a credential stuffing attack is to stop reusing the same passwords for multiple accounts and instead use different passwords for every account you have. Importantly, make sure your passwords are completely different for each account, not just a slightly changed version (such as password1 to password2), as hackers will often try different variations of your password in credential stuffing attacks.

The best password creation practice is to use three random words alongside numbers and special characters. Avoid using words or phrases that could be associated with you, such as your name, your workplace/school, or your favourite football team.

We understand that keeping track of numerous passwords can be challenging! Consider using a password manager to keep track of your login details safely and securely.

Turning on multi-factor authentication (MFA) can significantly reduce the risk of your account becoming compromised. Most major apps and organisations allow you to use MFA when logging in.

Related Links:

PDF of Report – https://assets.ctfassets.net/2ntc334xpx65/5B8jmyTUmE1P6SDCaBh8mz/3062de705791d0e2aec249022ff50840/The_State_of_Secure_Identity_2022_Auth0.pdf – Published September 2022

https://auth0.com/blog/top-insights-from-our-2022-state-of-secure-identity-report/ – Published September 21^st 2022

https://www.bleepingcomputer.com/news/security/okta-credential-stuffing-accounts-for-34-percent-of-all-login-attempts/ – Published September 21^st 2022

22.09.22

Threat Intelligence Alerts