Cybercrime continues to plague modern society, with Australia’s prime minister labeling it a “scourge.” In the 2022-23 period, Australia reported nearly 94,000 cybercrimes, representing a 23% increase from the previous year.
The most recent high-profile attack involved approximately 15,000 customers of Dan Murphy, Guzman y Gomez, Event Cinemas, and TVSN. These individuals had their login credentials and credit card details fraudulently used in a “credential stuffing” attack.
Credential stuffing occurs when hackers use stolen usernames and passwords to gain unauthorized access to other online accounts. They exploit the fact that many people reuse the same login details across multiple websites. Some even use the same password for all their accounts, making it easier for hackers to access multiple accounts if one is compromised.
Hackers acquire batches of login credentials from previous data breaches on the dark web. They then employ automated tools called “bots” to carry out credential stuffing attacks. Bots are capable of testing millions of username and password combinations on various websites until they find a match.
The prevalence of these attacks is increasing due to the accessibility of the dark web and the availability of attack resources to anyone with cryptocurrency and malicious intent.
To protect oneself from credential stuffing, it is crucial to never reuse passwords across different sites or apps. Instead, use unique and strong passwords for each online account. These passwords should be at least 12 characters long, complex, and difficult to guess. Avoid using personal information that can be found on social media.
Password managers can generate and securely store unique passwords for all accounts. Additionally, enabling two-factor authentication (2FA) adds an extra layer of security by requiring a code or device in addition to a password during login.
Regularly monitoring online accounts for suspicious activity is essential. Websites like Have I Been Pwned can help determine if email or password information has been exposed in a data breach. If compromised information is discovered, it is crucial to change passwords immediately.
In the face of increasing cybercrime, remaining vigilant is the best defense against credential stuffing and other hacking methods. Practicing good digital hygiene, using strong security measures, and staying proactive can help individuals regain control of their online identities.