More than 1.1 million online credentials found in NY AG credential stuffing investigation

Written by
Jan 5, 2022 | CYBERSCOOP

A months-long investigation into credential stuffing attacks by the New York attorney general’s office found credentials for more than 1.1 million online accounts at 17 major retailers, restaurant chains and food delivery services in internet forums, the agency announced Wednesday.

Each of the unnamed companies was notified and took steps to protect impacted customers, the AG’s office said in a statement accompanying a 15-page report on the investigation. All of the companies’ investigations into the matter revealed that most of the attacks had not previously been detected, and each company either implemented or made plans to implement additional safeguards, the agency said.

None of the affected organizations were named in the report.

“Businesses have the responsibility to take appropriate action to protect their customers’ online accounts,” New York Attorney General Letitia James said in the statement.

Credential stuffing refers to instances when an attacker relies on username and password combinations stolen from one website to attempt logins to various other websites.

This kind of targeting leverages the bad habit of using one username and password combination across multiple sites. Easily accessible software enables attackers to automate login attempts on a

Read More: