What is the hacking technique known as ‘Credential Stuffing’?
Hackers used data stolen from less secure sources to access HSBC customers’ bank accounts. Does this mean all our online profiles now need the same level of security as our online banking credentials? How can consumers really know which websites and connections are secure?
Tim Callan, Senior Fellow at Sectigo:
“Credential stuffing” attacks are an example of how broadly information theft can be exploited by sophisticated criminals. Even seemingly innocuous personal details, stolen in a context that appears to be completely devoid of risk for critical information theft, can then be repurposed to gain inappropriate login access somewhere else.
“Consumers should only share information with online parties they know and trust. One of the ways they can be sure of the identity of a web site operator is to look for the company’s name in the browser’s address bar adjacent to the URL. When it appears in the browser this way, you can trust that this information has been authenticated and you’re seeing the actual name of the company that operates this site.”