NY AG notifies 17 companies of breaches, says 1.1 million accounts compromised in attacks

Seventeen companies have been informed of cyberattacks that compromised user information by New York Attorney General Letitia James following an investigation into credential stuffing. More than 1 million customer accounts were compromised due to the attacks, which James said were previously undetected. 

James said her office was releasing a guide for businesses on how they can deal with credential stuffing attacks, noting that the practice has “quickly become one of the top attack vectors online.” The 17 businesses affected include well-known online retailers, restaurant chains, and food delivery services.

The FBI said last year that credential stuffing attacks — which involve repeated, automated attempts to access online accounts using usernames and passwords stolen from other online services — have been used to compromise 50,000 online bank accounts since 2017. Akamai released a report last year that found over 193 billion credential stuffing attacks occurred globally in 2020. 

“Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users’ personal information stand in jeopardy,” said James. “Businesses have the responsibility to take appropriate action to protect their customers’ online accounts, and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We

Read More: https://www.zdnet.com/article/ny-ag-notifies-17-companies-of-breaches-says-1-1-million-accounts-compromised-in-attacks/#ftag=RSSbaffb68