hack_security_small

Data breach danger: credential stuffing

Data breaches aren’t going away—in fact, data indicates that they’re happening more often than ever before.

A 2018 report says that 75% of U.S. retailers have experienced a breach, with 50% experiencing the issue in the last year. (This graphic certainly drives the point home, if you have any doubt.)

Odds are good you will, or have been, impacted. But, once your data is out there, then what happens? Your email or other accounts can get hacked using a technique called “credential stuffing.”

What is it?

When breaches occur and credentials are leaked, hackers can generate massive lists of usernames (which are frequently email addresses) and passwords. With those lists, they can start crunching the data.

For example: you have a leaked email address/username and also a leaked passwords from LinkedIn and MyFitnessPal. Hackers use all three pieces of information to try and log into other types of accounts in case one of them uses the same credentials—but they’re doing this all through large-scale automated login requests.

No one is trying to crack or force their way into your accounts, but instead hackers are using massive automation to run through all of the different possible places your credentials could be used again. This is clearly a huge scam but it works, in part because many people use the same password in multiple places.

What can you do?

To help prevent a hacker from “stuffing” your credentials, here are things you can do:

  1. Don’t use the same password twice! More than 80% of us do it, but we really, really shouldn’t.
  2. Use a password safe/vault/manager. Using a password managers such as Password Safe or KeePass (just examples of the many out there) makes it easier to use randomly generated passwords for every site you use.
  3. Sign up for HaveIBeenPawned.com The site will notify you if your email address was involved in a known breach.
  4. Use uBlock:Origin with Chrome or FireFox. This browser extension can help block malicious links if you happen to click on one.

 

 

About Missy Kellor

Missy works on the Corporate Communications team and reports stories to TDS employees and customers. This is right up her alley because she’s an extrovert and also a big fan of research (really, she’ll look up just about anything that strikes her interest). Missy is a native of Madison, Wis. with an undergraduate in Anthropology and a master’s degree in Life Sciences Journalism from the University of Wisconsin-Madison. Her interest in the Internet as a mass media shaped her work towards a PhD in Journalism and Mass Communications. She’s also worked as an editorial assistant, copywriter, and production artist. In her off hours, Missy is a crafter, Pinterest addict, reader, wife, and mom of two kids. You can find Missy on G+ and on Twitter.
No comments yet.

Leave a Comment