Security News > 2021 > October > MoneyLion locks customer accounts after credential stuffing attacks
The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July.
In credential stuffing attacks, threat actors use large collections of username/password combinations leaked following security breaches of various online services to log into the victims' user accounts on other online platforms.
Such attacks commonly work particularly well against those who reuse their credentials for accounts on multiple sites.
The attackers' end goal is to gain access to as many accounts as possible to steal sensitive info and money or to take over the identities of the accounts' owners.
MoneyLion also failed to find proof that the affected customers' Social Security Number, driver license numbers, and payment information relating to linked bank accounts or debit cards were impacted in the incidents.
In response to the attacks, MoneyLion locked the impacted customers' accounts to force them to reset their credentials and notified them of the incident.
News URL
Related news
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)