Credential stuffing cyber attacks targeting home IP addresses


The FBI has issued a warning that cybercriminals are hiding credentials on home IP addresses after hacking connected devices like IP cams and routers. For those unfamiliar with the credential stuffing concept, here's the gist. As soon as a cyber attack takes place and hackers gain access to loads of info, such as passwords and usernames, they sell it to other cyber crooks, who then use those credentials to take over online accounts.

The law enforcement agency of the United States, along with the Australian Federal Police, exposed a cyber syndicate that was hosting two websites on which about 300,000 account credentials were being sold for a hefty price.

To avoid such troubles with passwords, tech companies are coming up with alternatives such as 2FA, thus paving the way for password-less authentication environments.

But the adoption of such tactics is still at a nascent stage, and it can take years for companies to say a permanent goodbye to passwords. And unless business firms build foolproof tactics into their products and services, home users will remain exposed to such cyber attacks.

Is it really possible in practice?

Mostly, organizations do not monitor how their users use passwords or whether they follow basic principles when creating them. Password reuse is also giving organizations headaches: most non-IT workers follow this trend, paving the way to 30% success for credential stuffing attacks. Because the passwords are synced or saved in the browser for later use, they then pave the way for easy account takeovers with little effort or investment.

Hence, it becomes tedious for companies and individuals to brace for the cyber attacks launched on home IP addresses. A collective approach where companies end the concept of passwords and users rely on authentication methods such as 2FA or biometrics might help… wouldn't it?

NOTE: As per a report released by Akamai, the year 2020 alone witnessed about 193 billion credential stuffing attempts, as lockdowns started the WFH culture, paving the way for the launch of more such attacks.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
