How Do Attackers Proceed?
Many users use the same password for different user accounts. Attackers exploit this by testing a large number of (stolen) user-password combinations, either to misuse the user accounts themselves or to sell working logins to others. Lists of these credentials can be found en masse on the Darknet and the Internet—some of them with hundreds of millions of records. We distinguish between two different methods for using or preparing such illegal lists: credential stuffing and credential cracking.
What Does Credential Stuffing Mean?
Credential stuffing—also called password stuffing—is a method used for trying out known user-password combinations on other websites. For example, if attackers are in possession of the access data for your email service, they start automated requests using the same login data for web shops, online banks, and even company accounts.
What Does Credential Cracking Mean?
If the password for the user account is unknown and still needs to be “cracked,” this is called credential cracking or password cracking. There are various strategies for determining the sought-after password. One popular way is the brute force method, where bots try out different random letter or character combinations as the password for known user names or email addresses. Large botnets need only fractions of a second to test thousands of combinations. Lists of the most-used passwords that circulate on the Internet make the work even easier for these attackers.
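The two methods described above leave different shapes in login logs: stuffing spreads roughly one attempt across many accounts, while cracking concentrates many guesses on a few. The following is an added example, not part of the original page; the event format, function names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed login events: (source_ip, username, success)."""
    events = [("198.51.100.7", f"user{i}@example.com", i == 12) for i in range(30)]
    events += [("203.0.113.9", "alice@example.com", False)] * 40
    events += [("192.0.2.44", "bob@example.com", False)] * 2
    events += [("192.0.2.44", "bob@example.com", True)]
    return events

def classify_sources(events, min_failures=20, spread_ratio=0.8, per_account_limit=10):
    """Label each source by the shape of its failed logins.
    All thresholds are illustrative assumptions to be tuned on real traffic."""
    failed = defaultdict(Counter)
    for ip, user, success in events:
        per_user = failed[ip]          # register the source even if it never fails
        if not success:
            per_user[user.strip().lower()] += 1
    labels = {}
    for ip, per_user in failed.items():
        total = sum(per_user.values())
        if total < max(min_failures, 1):
            labels[ip] = "normal"
        elif len(per_user) / total >= spread_ratio:
            # Many accounts, about one try each: known pairs being replayed.
            labels[ip] = "credential_stuffing"
        elif max(per_user.values()) >= per_account_limit:
            # Few accounts, many guesses each: the password is being searched for.
            labels[ip] = "credential_cracking"
        else:
            labels[ip] = "suspicious"
    return labels

def accounts_to_reset(events, labels):
    """Accounts with a successful login from a source that was not labelled normal."""
    return {user.strip().lower() for ip, user, success in events
            if success and labels.get(ip, "normal") != "normal"}

if __name__ == "__main__":
    events = build_sample()
    labels = classify_sources(events)
    for ip, label in sorted(labels.items()):
        print(ip, label)
    print("force reset:", sorted(accounts_to_reset(events, labels)))
```

Grouping by source address is a simplification: traffic from a large botnet is spread over many addresses, so the same counts would have to be kept per target account or per time window as well.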
What Are the Consequences of the Misuse of Access Data?
An attack always harms affected companies and institutions, regardless of which method is chosen. Victim organizations still suffer from the consequences even years later. It is therefore extremely important to have effective protection.
Online retailers incur additional costs when customers discover the misuse of their access data. For example, increased refunds will result in a heavy economic burden.
If user data is misused or stolen on your end, this will negatively affect the relationship with your customers. Regaining trust could take years and require enormous investments.
If attackers gain access to your users’ data, they will be able to change and manipulate it at will. The longer such data misuse remains undiscovered, the greater the damage can become.
Which Industries Are Affected?
Basically, all companies and web services with a login function are affected. Airline and newspaper websites are just as big a target as online shops.