Security News > 2021 > February > Credential spill incidents nearly doubled since 2016

The number of annual credential spill incidents nearly doubled from 2016 to 2020, according to F5 research.

"Attackers have been collecting billions of credentials for years. Credential spills are like an oil spill, once leaked, they are very hard to clean up because credentials do not get changed by unassuming consumers, and credential stuffing solutions are yet to be widely adopted by enterprises."

Although most organizations do not disclose password hashing algorithms, 90 specific incidents have been studied to give a sense of the most likely credential spill culprits.

In 2018 it took an average of 15 months for a credential spill to become public knowledge.

Reincarnation: After conducting credential stuffing attacks on a variety of web properties, a subset of criminals set about repackaging valid credentials to extend their exploitable shelf life.

"Attackers will continue to modify their attacks to fraud protection techniques, which is creating a strong need and opportunity for adaptive, AI powered controls related to credential stuffing and fraud."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/0EqTTMiYHeI/