New York AG Warns 17 Firms of Credential Attacks

Sponsored: Password security is highlighted in attorney general warning to New York state businesses.

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 “well known” state businesses were compromised in recent cyberattacks.

According to the alert, many of the firms were unaware that that their customer’s passwords had been compromised. The bulletin was issued January 5 and part of what appears to be a public awareness campaign around credential stuffing.

Cybersecurity tied to employee and customer passwords (also referred to as credentials) are often a security soft spot for companies and the door used by adversaries to infiltrate a business. The management of credentials, according to James, needs to be a central focus in thwarting so-called credential stuffing attacks.

“Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users’ personal information stand in jeopardy,” James said. “Businesses have the responsibility to take appropriate action to protect their customers’ online accounts.”

Employees Reuse Consumer Service Passwords for Work 

Often for companies, credential stuffing and password management is perceived as a company-specific issue. However, given that employees reuse passwords for work and consumer services the scope

Read More: