More than 1 million customers’ passwords at 17 major retailers have been compromised in what’s known as “credential stuffing” attacks, New York Attorney General Letitia James said, warning businesses to take extra precautions.
James said that an investigation by her office had uncovered the cyberattacks, in which hackers take usernames and passwords stolen from other online services, and use those, with the help of automated computer programs, to attempt to log in to businesses. Many people use the same password for multiple online sites, making the credential stuffing possible.
The attorney general’s office alerted the 17 companies about the compromised accounts and each retailer took steps to protect the accounts, James said.
She also posted a for businesses to help prevent credential stuffing and other cyber attacks.
“Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing,” James said in a news release.
The guide recommends that businesses tighten security in a number of ways, such as requiring multi-factor authentication for online accounts; employing bot-detection software and services; using password-less authentication; and requiring re-authentication at the time of purchase, such as requiring customers to re-enter credit card numbers and security codes.
Topics New York
Was this article valuable?
Here are more articles you may enjoy.
IBM Agrees to Pay Government $17 Million in DEI Settlement 
Toilet Paper Warehouse Fire Investigators Review Viral Video 
Trump Approves Disaster Requests for at Least 7 States; Others Wait 
Convicted Insurance Mogul Lindberg Should Pay $1.6B Restitution to Companies 
