Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections
Home > F5 Networks Inc > Credential Stuffing: A Security Epidemic
 

Credential Stuffing: A Security Epidemic

White Paper Published By: F5 Networks Inc
F5 Networks Inc
Published:  Dec 08, 2017
Type:  White Paper
Length:  9 pages

In a credential stuffing attack, cybercriminals turn to the dark web to purchase previously stolen usernames and passwords. They then make repeated attempts with automated tools to “stuff” the login fields of other websites with the credentials to gain access to accounts held by corporate users or customers. When a “stuffing” attempt is successful, the attacker uses the account for fraudulent purposes. There’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts. 

These attacks wouldn’t be successful if people used different usernames and passwords for each site or application they access. Instead of taking the time and energy to craft unique credentials for each of their many accounts, nearly three out of four users reuse and recycle credentials across accounts.



Tags : 
data breach, credential stuffing, system security, security