Cyber breaches at 17 well-known firms have compromised more than 1.1 million online accounts, according to New York Attorney General Letitia James.
Without naming the firms, James released a ‘Business Guide for Credential Stuffing Attacks’ which describes the attacks, which involve repeated automated attempts to access online accounts using usernames and passwords stolen from other online services, and how businesses may secure themselves.
James said in a statement late on Wednesday, “Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users’ personal information stands in jeopardy,”
Credential stuffing is a type of hack that involves logging into online accounts with usernames and passwords which is stolen from unrelated online services.
It relies on the common practise of reusing passwords — as a password used on one website is likely to have been used on another.
Following the discovery of the attacks, the Office of the Attorney General (OAG) notified the affected organisations, allowing them to reset passwords and alert their customers.
James said “We must do everything we can to protect consumers’ personal information and their privacy,”
One of the most common types of cyberattack is credential stuffing attack. According to the operator of one major content delivery network, it witnessed over 193 billion such attacks in 2020 alone.
The OAG has notified each of the 17 companies that their accounts have been compromised, urging them to investigate and take prompt steps to secure their customers.
According to the companies’ investigations, the majority of the attacks had not been detected previously.