Security News > 2022 > January > NY OAG: Hackers stole 1.1 million customer accounts from 17 companies
The New York State Office of the Attorney General has warned 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks.
NY OAG discovered these compromised online accounts after a "Sweeping investigation" over several months after monitoring multiple online communities dedicated to sharing validated credentials harvested in previously undetected credential stuffing attacks.
"After reviewing thousands of posts, the OAG compiled login credentials for customer accounts at 17 well-known companies, which included online retailers, restaurant chains, and food delivery services," NY OAG said today.
"In all, the OAG collected credentials for more than 1.1 million customer accounts, all of which appeared to have been compromised in credential stuffing attacks."
"Businesses have the responsibility to take appropriate action to protect their customers' online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers' personal information and their privacy."
Today, NY OAG also published a report providing further details on its credential stuffing investigation and how companies can protect their customers and respond to such incidents.