Hackers use programs to apply stolen data in a flood of login attempts, called “credential stuffing.” The airline and consumer banking industries are also under siege, with about 60% of login attempts coming from criminals.
These attacks are successful as often as 3% of the time, this type of fraud costing the ecommerce sector about USD 6 billion a year, while the consumer banking industry loses out on about USD 1.7 billion annually. The hotel and airline businesses are also major targets: the theft of loyalty points costs USD 700 million every year.
The report also uncovers the fact that criminals harvest usernames and passwords from data breaches and test them on every website and mobile app. Moreover, on average, it takes 15 months from the day credential data is stolen to the day an intrusion is revealed. That is more than enough time for criminals to deploy the data of unsuspecting people in thousands of credential stuffing attacks.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now