TMCnet News
2.3 Billion Account Credentials Compromised from 51 Organizations in 2017; New Research Shows Breadth of Breach ImpactsMOUNTAIN VIEW, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Shape Security, the provider of advanced security and fraud technology for the world’s largest companies, today released its second annual Credential Spill Report, shedding light on the extent to which the consumer banking, retail, airline and hospitality industries are impacted by credential stuffing attacks and account takeover. The report analyzes attacks that took place in 2017 and reveals 2.3 billion account credentials were compromised as a result of 51 independent credential spill incidents. Credential stuffing collectively costs U.S. businesses over $5 billion a year. When usernames and passwords are exposed, or “spilled,” through a data breach or attack on users, criminals harvest these credentials and test them on a wide range of websites and mobile applications. There is up to a three percent success rate for account takeover from credential stuffing attacks because the majority of the population reuses passwords. The attackers then drain those accounts of value to commit all types of fraud, from unauthorized bank transfers to illicit online purchases. Shape Security’s report found that an average of 15 months elapsed between the day credentials were compromised and the day the spill was reported by an organization. This is the most dangerous window of time as criminals carry out credential stuffing attacks using credentials that have not yet been identified as compromised, meaning companies have no way of knowing which uses are at risk. The longer an attack group can conceal the stolen credentials, the more value theycan extract by weaponizing the credentials against a range of other organizations. “Credential stuffing has become an increasingly popular attack vector powering a robust and complex criminal ecosystem,” said Shuman Ghosemajumder, CTO, Shape Security. “Data breaches have become pervasive over the last few years, but what most people don’t realize is the domino effect of damage that a single breach is capable of producing. To fight back, organizations have started banding together to build a collective defense to be alerted when credentials stolen from one breach are being used to log in to another, effectively blocking attackers attempting to access their platforms with compromised credentials.” Additional 2018 Credential Spill Report findings:
Shape Security protects over 1.6 billion online accounts from credential stuffing. Its customer base represents a large proportion of U.S. industries including 60 percent of airlines, 40 percent of hotels and 40 percent of consumer banking. Credential Spill Report About Shape Security Contact Information |