Dark Mode Light Mode

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Study finds hackers targeting loyalty programs

New data out from Akamai finds a growing number of attacks on brands’ loyalty programs. Since 2018, in fact, their data shows more than 63 billion credential stuffing attacks in the hospitality, retail, and travel industries, and they are no longer only relying on the most recent password combination lists.

According to Akamai, since the pandemic began and people took more of their lives online, from how they shopped to work routines, cybercriminals have begun recirculating old password combination lists; this is in addition to newer lists from the dark web. These new efforts to defraud should serve as a reminder not only to consumers but to businesses to encourage people to update and upgrade passwords and other sensitive credentials.

“Criminals are not picky – anything that can be accessed can be used in some way,” said Steve Ragan, Security Researcher and Author of State of the Internet/Security Report, Akamai. “This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information, too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.”

Advertisement

Other interesting findings from the Akamai report include:

• From July 2018 to June 2020 Akamai saw more than 100 billion credential stuffing attacks
• 90% of attacks from the commerce category targeted retail
• 41% of attacks SQL Injection and Local File Inclusion
• 83% of attacks using SQL Injection/Local File Inclusion targeted retail

“All businesses need to adapt to external events, whether it’s a pandemic, a competitor, or an active and intelligent attacker,” said Ragan. “Some of the top loyalty programs targeted require nothing more than a mobile number and numeric password. . .there is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.”

More data from Akamai’s report can be accessed here.


This article originally appeared in BizReport.

Author

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Add a comment Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Post

Fire Drills - Why Typical Responses to Corporate Debacles Don't Actually Put Out Fires

Next Post

6sense Launches Enhanced Account-Based Reporting

Advertisement

Subscribe to Customerland

Customer Enlightenment Delivered Directly to You.

    Get the latest insights, tips, and technologies to help you build and protect your customer estate.