According to New York Office of Attorney General (OAG) data of around 1.1m user accounts related to 17 companies was reportedly compromised in a Credential Stuffing Cyber Attack.
To those unaware of such attacks, here’s a gist. A credential stuffing is a kind of automated online process where hackers attempt to access online accounts by using usernames and passwords sourced from various cyber attacks.
New York Office of Attorney General Letitia James announced passwords related to over 15 billion stolen accounts were being circulated on the web, putting the future of online users in deep trouble.
Ms. James stated that the attack details came to her office through an anonymous source and added in her statement that the companies whose users were compromised were informed about the threat in December last year.
Now the big question, how do hackers steal passwords?
Hackers use many ways to steal a password, and some of them include phishing attempts and other social engineering attacks. They also use malware for stealing the password from a browser when a user is seeking an online service.
Sometimes threat actors use brute force attacks to steal a password. A brute force attack succeeds when an online user utilizes the same passwords for several online services, making it as an easy to open doorway to hackers.
Using strong passwords that are a mixture of alpha-numeric characters tucked with 1 or 2 special characters will help in keeping prying eyes at bay. Reuse of the same password on multiple accounts will also avoid a person in committing a password mistake. Switching on to a 2-FA on all online accounts and using a password manager will help in keeping threat actors at bay.
While using banking services, always ensure to login to a HTTPS website- only to avoid punching your credentials into fake ones.
Keeping your operating system up to date and using apps downloaded from Apple or Google play store makes complete sense in avoiding trouble.