What Hackers are Doing with YOUR Passwords

The internet is literally swarming with hackers who are incessantly hunting for targets. Vulnerable database servers are essentially one of their favorite objects on which to launch their diabolical attacks since they contain tons of info and data that these hackers can use. Most of them are seeking out personal details such as credit card info, names and addresses, and  of course—passwords.

Over time, fraudsters have hacked into huge databases and have occasionally made off with literally millions of files, records, and/or other personal details at a time. According to Shape Security’s most recent report, hackers utilize these user passwords to launch a cyber attack called “credential stuffing.”

Credential stuffing is when hackers fill a database with as many passwords and usernames they can find and feed them into an automated hackers’ tool that pounds away at a specified website. The more log-in credentials they accumulate, the better their odds are at finding one that will unlock your account.

These types of attacks are actually a lot more common than many people realize. Shape Security asserts that a whopping 90% of retail website log-in attempts are not actual cyber shoppers trying to log into their own accounts; they are actually credential stuffing attacks in progress.

Airline websites are the 2nd most-targeted types of sites, and 60% of their log-in attempts are credential stuffing attacks. Online banking sites are in 3rd place with 58%, and in 4th place at 44% are hotel websites.

These hackers are attempting to hack into these accounts to either make fraudulent purchases or gain access to credit card data and/or other payment info.

Shape Security states that at about 3% of the time, credential stuffing can actually be successful. That’s equal to 30,000 successes for every one million attempts.

This is why you should create sophisticated passwords and never use the same password for more than one site.

Leave your own thoughts and/or comments below.

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients