Troy Hunt writes: It feels like not a week goes by without someone sending me yet another credential stuffing list. It’s usually something to the effect of “hey, have you seen the Spotify breach”, to which I politely reply with a link to my old No, Spotify Wasn’t Hacked blog post (it’s just the output of a…
Search Results for: credential stuffing
A rough year: first a ransomware attack, then a credential stuffing attack affecting more than 1 million patients.
On April 28, NextGen submitted a breach notification to the Montana Attorney General’s Office. Thinking it would be a report linked to the ransomware attack by AlphV (BlackCat) in January, DataBreaches prepared to write an update. But it turned out that it was not that incident. It was a seemingly unrelated incident. NextGen, a business…
New York Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers
NEW YORK – New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies. Attorney General James released a “Business Guide for Credential Stuffing Attacks” that details the attacks — which involve repeated, automated attempts to access online…
How Cybercriminals Abuse OpenBullet for Credential Stuffing
Cedric Pernet, Fyodor Yarochkin, and Vladimir Kropotov write: … The trend for access-related cybercrime, such as credential stuffing, is steadily rising with no sign of slowing down. According to an Akamai report, there has been a total of 88 billion credential stuffing attacks from January 2018 to December 2019. Credential stuffing, a type of a…
FR: CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Over 300K Spotify accounts hacked in credential stuffing attack
Lawrence Abrams reports: Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources. For years, users have complained that their Spotify accounts were hacked after passwords were changed, new playlists would appear in their profiles, or their family…