Credential stuffing are attacks where hackers try to gain access to an account by trying username and password pairs from data leaks on various websites. According to the data breach report from PayPal, 34.942 users were affected by the incident.
ESET Turkey product and marketing manager, Can Erginkurban, made the following comments about the incident:
“The owners of the affected accounts should have been notified by now. Moreover, unfortunately, these people should be on the alert due to the amount of personal data that may have been accessed as a result of a simple attack. A credential stuffing attack is an automatic attack that occurs when a threat actor tries the credentials that have emerged as a result of a previous attack on another account. It remains one of the easiest attack vectors for cybercriminals, but users can easily fend off and protect their accounts in just a few steps. Everyone now needs to use unique, strong passwords for all accounts on the Internet, especially those connected to finance. Access to accounts should also be made more difficult by enabling multi-factor authentication. Multi-factor authentication can be easily achieved via SMS or an app. It is worrying that PayPal still does not require multi-factor authentication by default at login. If they had enforced it, credential stuffing attacks would have failed.”
Be the first to comment