Over 60% of credential stuffing attacks detected over the past two years have been targeted at retail, travel and hospitality businesses, according to Akamai.
The security vendor’s latest report: Loyalty for Sale, is compiled from internet traffic flowing through its extensive global content delivery network.
It revealed that, during the period July 1 2018 to June 30 2020, it detected over 100 billion credential stuffing attempts. Almost 64 billion of these were aimed at cracking open user accounts in the retail, travel and hospitality sectors. Further, retail accounted for the vast majority (90%+) of the attacks aimed at these verticals.
Such attacks remain popular given the continuous surge of breached log-ins onto underground sites and the potentially rich pickings to be found inside cracked accounts.
“Criminals are not picky — anything that can be accessed can be used in some way,” said Steve Ragan, Akamai security researcher and report author.
“This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold and traded, or even compiled for extensive profiles that can later be used for crimes such as identity theft.”