Credential Stuffing: Increasingly Devastating in France

Credential Stuffing: Increasingly Devastating in France

This formidable technique explains the surge in cyberattacks in France. Will the United States be the next victim? In France, data thefts have surged in recent months at companies like SFR, Boulanger, Auchan, Picard, Truffaut, and Direct Assurance. While each case is different, hackers seem to have favored one tactic: “credential stuffing.” Here’s how it works.

An Effective Method

Malicious actors use credentials (usernames, email addresses, passwords) previously stolen from a service. Many users reuse the same passwords across different platforms, making this technique often profitable.

This method has proven effective, as explained by Benoit Grunemwald, ESET France’s public affairs director, to our colleagues at 01Net:

“After a data breach, cybercriminals recover thousands of emails and use automated programs to test them on multiple sites. A reused unique password becomes a backdoor into your entire digital life, especially if it opens your email. Passwords can then be easily reset.”

Cybercriminals do not perform these maneuvers manually as it would take too long. They automate the process using scripts and bots that test a large number of combinations and services quickly.

01Net cites the example of the recent cyberattack on Picard. Using credential stuffing, hackers managed to steal personal data from 45,000 loyalty program members. The same method was used during the intrusion at the Caisse d’Allocations Familiales (CAF) last August.

How to Better Protect Yourself?

Given this very real risk, it’s important to adopt good practices. The most crucial is to vary your passwords to avoid making it easy for cybercriminals.

This task is not always easy. To help you, consider using password managers. We’ve even prepared a guide listing the main offerings on the market.

Another option not to overlook is two-factor authentication. In credential stuffing attacks, if you have this tool enabled, you’ll be immediately alerted to an intrusion attempt and can act accordingly.

Finally, if you have suspicions, visit the site HaveIbeenPwned. By entering your email, you can see if your credentials have been compromised in a known data breach.

Links

• What Is Credential Stuffing? How To Prevent Credential Stuffing Attacks – Auth0
• Sell your pre-owned computer device online – iGotOffer

What is “Credential Stuffing” [Video]

Video uploaded by Ask Leo! on Mar 28, 2024.