Online Shoppers Could Face Eight Million Credential Stuffing Attacks Per Day Over Christmas
Online shoppers in the UK will be hit by up to eight million credential stuffing attacks per day in the Christmas period, according to a new analysis by Arkose Labs.
The worrying prediction was made following a massive spike in this attack vector, largely due to the shift to online shopping during COVID-19. Arkose researchers observed more than two billion credential stuffing from October 2020 to September 2021, representing a 98% increase on the previous year. Astonishingly, they found this activity made up 5% of all online traffic in the first half of 2021.
According to the analysts, credential stuffing rose by 56% during last year's Christmas and New Year shopping period. This enabled them to calculate that consumers will face up to eight million attacks every day in the same period this year.
Credential stuffing is where fraudsters attempt to gain unauthorized access to consumers’ financial and personal accounts by automating known stolen username and password combinations across multiple sites. Once inside, the attackers can monetize the account in numerous ways. These include draining compromised accounts of funds, stealing and reselling personal data, selling lists of known