Tech tips: Credential stuffing attack

Inyova’s short monthly newsletter about security recommendations, news, and interesting facts.

This is an internal newsletter sent to the Inyova team each month. We hope you enjoy it as much as we do!

Today’s topic: Buckle up for credential stuffing attacks. 

What the hack is credential stuffing? 

A credential stuffing attack is a brute-force cyberattack done the smart way. Instead of trying to log in to a platform with random character combinations, the attacker uses a list of email addresses and passwords that were already breached and published. Because people re-use their passwords, there is a good chance that one of those pairs opens an account.

Passwords are normally stored hashed, i.e. as scrambled, unreadable text, which slows attackers down. But in 2009 RockYou was hacked, and its 32 million user accounts, passwords included, had been stored in plain text. So if you used Facebook or Myspace in 2009, you can probably find yourself in the leaked file.

Why should I care?

RockYou2009 is just one example; billions of records have been breached since then, especially in recent years. The raw material for stuffing attacks has never been more plentiful than it is today.

You can check whether your email address appeared in a known breach on this website.

What should I do? 

To put it metaphorically: the only way to protect your TV from being stolen is to lock the front door with a key that was never copied and never handed around the neighbourhood.

You do not use one key to lock all your doors – don’t use one password for all platforms, use a different password for each.

Your apartment key is not a simple straight stick, but a complex metal shape – make your password complex, using 8+ characters, upper-/lower-case, special characters, and numbers. 

If your apartment key is stolen, you change locks – if your email is breached, change your password.
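The pattern described above (one source trying many different accounts, nearly all failing, with the occasional hit on a re-used password) is also what a defender can look for in login logs, and the hits are exactly the accounts whose passwords need changing. The following is an added example, not code from the newsletter or from Inyova; the log lines and IP addresses are constructed, and the thresholds are assumptions to tune per platform:

```python
from collections import defaultdict

# Constructed sample login events (not real traffic): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 alice@example.com FAIL
2024-03-01T10:00:02 198.51.100.7 bob@example.com FAIL
2024-03-01T10:00:02 198.51.100.7 carol@example.com FAIL
2024-03-01T10:00:03 198.51.100.7 dave@example.com OK
2024-03-01T10:00:04 198.51.100.7 erin@example.com FAIL
2024-03-01T10:00:05 198.51.100.7 frank@example.com FAIL
2024-03-01T10:00:09 203.0.113.5 alice@example.com FAIL
2024-03-01T10:00:15 203.0.113.5 alice@example.com OK
2024-03-01T10:01:00 192.0.2.9 grace@example.com OK
"""

def parse_events(log_text):
    """Yield (ip, account, success) for every non-empty log line."""
    for line in log_text.splitlines():
        if line.strip():
            _ts, ip, account, result = line.split()
            yield ip, account, result == "OK"

def summarize(log_text):
    """Per source IP: attempts, failures and the set of distinct accounts tried."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "accounts": set()})
    for ip, account, ok in parse_events(log_text):
        stats[ip]["attempts"] += 1
        stats[ip]["failures"] += 0 if ok else 1
        stats[ip]["accounts"].add(account)
    return stats

def flag_stuffing(log_text, min_accounts=5, min_fail_ratio=0.8):
    """IPs that look like credential stuffing: many distinct accounts from one
    source, mostly failing. One user mistyping their own password is not flagged."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        ratio = s["failures"] / s["attempts"]
        if len(s["accounts"]) >= min_accounts and ratio >= min_fail_ratio:
            flagged[ip] = {"accounts": len(s["accounts"]), "fail_ratio": round(ratio, 2)}
    return flagged

def likely_compromised(log_text):
    """Accounts that logged in successfully from a flagged source: the 'hits'
    of the stuffing list, i.e. the re-used passwords that should be reset."""
    bad_ips = flag_stuffing(log_text)
    return sorted({acct for ip, acct, ok in parse_events(log_text) if ok and ip in bad_ips})

if __name__ == "__main__":
    print(flag_stuffing(SAMPLE_LOG))       # {'198.51.100.7': {'accounts': 6, 'fail_ratio': 0.83}}
    print(likely_compromised(SAMPLE_LOG))  # ['dave@example.com']
```

Real attacks spread attempts across many source addresses, so in practice the same counts are also kept per account and per time window rather than per IP alone.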

Saved in the browser?

You could, BUT the disadvantage of saving passwords in the browser is that anyone who gets hold of your physical computer also has access to those passwords. Fortunately, at least on macOS, you are now asked for your OS user password before a saved password is shown in the settings. But there is an easy way around that as well.

I would recommend using a password manager and its browser plugin for both work and home logins.


That’s it! Keep your mechanics safe and thanks for reading.

Sources: https://www.upguard.com/blog/biggest-data-breaches

Disclaimer: The past performance of financial markets and instruments is never an indicator of future performance. The statements or information in this document do not constitute a recommendation, an offer, or a solicitation to buy or sell securities or financial instruments. Inyova AG gives no guarantee as to the reliability and completeness of the information in this article. Liability claims against Inyova AG for damages arising from the use of the information published in this document are excluded. Furthermore, the statements contained in this document reflect an assessment at the time of publication and are subject to change. References and links to third-party websites lie outside the area of responsibility of Inyova AG. Any responsibility for such websites is declined.