Cybercrime is becoming a bane of modern life. Prime Minister Anthony Albanese called it a “disaster”, and he’s right. From 2022 to 2023, approximately 94,000 cyber crimes were reported in Australia, a 23% year-on-year increase.
In the latest high-profile attack, approximately 15,000 customers of alcohol retailer Dan Murphy's, Mexican restaurant chain Guzman y Gomez, Event Cinemas, and home shopping network TVSN had their login credentials and credit card details fraudulently used to purchase goods and services. They were subjected to a so-called “credential stuffing” attack.
So what is credential stuffing, and how can you reduce the risk of it occurring?
Reuse the same login information
Credential stuffing is a type of cyberattack in which hackers use stolen usernames and passwords to gain unauthorized access to other online accounts.
In other words, they steal a set of login details for one site and try it on another site to see if it works there as well.
This is possible because many people use the same username and password combination on multiple websites.
It is common to use the same password for multiple accounts (although this is very risky).
Some people use the same password for all their accounts. This means that if one account is compromised, a hacker may be able to access many (or all) other accounts using the same credentials.
“Brute force” attack
Hackers buy job lots of login credentials (obtained from earlier data breaches) on the “dark web”.
They then use automated tools called “bots” to perform credential stuffing attacks. These tools can also be purchased on the dark web.
Bots are programs that perform tasks over the Internet much faster and more efficiently than humans.
In what’s known as a “brute force” attack, hackers use bots to test millions of username and password combinations on different websites until they find a match. It’s easier and faster than many people think.
This is happening more and more frequently because the barrier to entry for would-be cybercriminals is lower than ever. The dark web is easily accessible, and the resources needed to launch an attack can be paid for in cryptocurrency and are available to anyone willing to go to the dark side.
How can I protect myself from credential stuffing?
The best thing to do is to avoid reusing passwords across multiple sites and apps. Always use a unique and strong password for each online account.
Choose a password or passphrase that is at least 12 characters long, complex, and difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and symbols. Don’t use your pet’s name, birthday, or anything else that can be found on social media.
You can use a password manager to generate unique passwords for all your accounts and store them securely. Password managers use strong encryption and are generally considered to be fairly secure.
Another way to protect yourself from credential stuffing is to enable two-factor authentication (2FA) for your online accounts.
Two-factor authentication is a security feature that requires you to enter a code or use a device in addition to your password when you log in.
This provides an extra layer of protection if your password is stolen. You can use an app, text message, or hardware device (like a small “key” that you connect to your computer) to receive a two-factor authentication code.
Monitor your online accounts regularly for suspicious activity. You can also use the website Have I Been Pwned to see if your email or password has been exposed in a data breach.
You might be surprised by what you see. If you find your login details there, use this as a timely warning to change your password as soon as possible.
Eternal vigilance
In today’s world where cybercrime is on the rise, the best defense against credential stuffing and other forms of hacking is vigilance. Don’t be complacent when it comes to your online security; be proactive.
Use unique passwords and password managers, enable two-factor authentication, monitor your accounts, and check breach notification sites (like Have I Been Pwned).
Remember, the recent attacks on Dan Murphy's, Guzman y Gomez and others show how easily our online lives can be subverted. Don’t let your credentials become just another statistic. As you read this, criminals are coming up with new ways to exploit our vulnerabilities.
By adopting good digital hygiene and effective security measures, you can take back control of your online identity.
David Tuffley, Senior Lecturer in Applied Ethics and Cybersecurity, Griffith University. This article is republished from The Conversation under a Creative Commons license. Read the original article.