A hacker finds or buys compromised user names and passwords, a.k.a. credentials, on the Dark Web. The hacker then attempts to log in to common or popular websites and online services using those same credentials. Oh yeah, there are already software tools available to automate this for hackers so that they can try millions of accounts on thousands of sites. And voila, just like that, we have a credential stuffing attack! Why does this work? Because millions of people reuse their passwords on multiple sites! Norton LifeLock, PayPal, Chick-fil-A, United Healthcare and most recently clothing company Hot Topic have all experienced this attack in 2023.
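Seen from the website being attacked, the pattern described above is one source trying many different accounts once or twice each and mostly failing. The Python example below is added here to show how a site could spot that in its login records and which accounts to reset; it is not from the original newsletter, and the event format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events (source_ip, username, outcome); not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}", "fail") for i in range(7)]
    + [("203.0.113.7", "dana", "success")]
    + [("198.51.100.20", "alice", "fail")] * 10
    + [("192.0.2.5", "bob", "fail"), ("192.0.2.5", "bob", "success")]
)


def classify_sources(events, min_accounts=5, max_tries_each=2,
                     min_fail_ratio=0.8, brute_tries=6):
    """Label each source IP. All thresholds are illustrative assumptions."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> username -> attempts
    fails = defaultdict(int)                        # ip -> failed attempts
    for ip, user, outcome in events:
        tries[ip][user] += 1
        if outcome == "fail":
            fails[ip] += 1

    verdicts = {}
    for ip, users in tries.items():
        total = sum(users.values())
        busiest = max(users.values())
        fail_ratio = fails[ip] / total
        if (len(users) >= min_accounts and busiest <= max_tries_each
                and fail_ratio >= min_fail_ratio):
            # Many accounts, one or two guesses each, mostly wrong:
            # a list of leaked username/password pairs being replayed.
            verdicts[ip] = "credential_stuffing"
        elif busiest >= brute_tries:
            # Many guesses against a single account is a different attack.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source got into: the reused password worked."""
    return sorted({user for ip, user, outcome in events
                   if outcome == "success"
                   and verdicts.get(ip) == "credential_stuffing"})


if __name__ == "__main__":
    v = classify_sources(SAMPLE_EVENTS)
    print(v)
    print(accounts_to_reset(SAMPLE_EVENTS, v))
```

Real campaigns spread their attempts across many source addresses, so a site would group on more signals than the IP address used here.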
Anatomy of a credential stuffing attack
There are thousands of data brokers on the internet and the list includes some very well known large tech companies. Many are foreign companies including companies out of Russia and China. Data brokers collect, trade and sell information about each and every one of us. They collect information about us from tracking technologies such as cookies, beacons, pixels and more that lurk on websites, apps and devices (yes, that smart TV you bought, that has trackers in it too!) that we use as well as from companies that we do business with such as banks, credit card companies, etc. They will sell the information to anyone who asks - including hackers! Yes, that is correct - your online safety is linked to your online privacy!
How big is this problem?
Here are some numbers:
How can you protect yourself and your family's privacy better?
Remember, this is a game of risk reduction and there is no one single cure. You can use 'Incognito Mode' on your browser in combination with privacy preserving search engines. But this still leaves you exposed on apps, devices such as your smart TV, smart speakers, smart thermostats, gaming systems and other connected devices and online services. Also remember, apps are not just on phones, they are on smart TVs, smart speakers and gaming systems too. You also need whole home online privacy and security solutions likethat protect you from cyber threats but also automatically identify and block privacy threats.
Advance fee scams, romance scams, Medicare scams, grandparent scams, tech support scams, government imposter scams - the list keeps growing! Seniors are increasingly targets of online and real life scams. Seniors lost an average of $35,101 in 2022 for a total of over $3.1 billion! Staggering numbers and they only keep increasing. Awareness and alertness are indeed the most effective tools to prevent seniors from falling prey. Local and federal governments have woken up to the scourge and issue alerts on new and emerging scams. If you are a victim of a scam, help is available at both state and federal levels.
Read about the Justice Department's National Elder Fraud Hotline
Social media platform X, formerly known as Twitter, has been flooded with crypto giveaway scams impersonating Elon Musk, SpaceX or Tesla's accounts utilizing a deepfake video of Elon Musk. Yikes - trust no face, trust no account!
The Clorox Company, the maker of the eponymous bleach product, was hit by a cyber breach last month and is still struggling to get its operations back online, resulting in shortages of several of its products.
NodeStealer malware is targeting Facebook business accounts to steal user credentials and browser data. It is distributed as a malicious file attachment sent through Facebook Messenger, using pictures of defective products as bait!