Admit it. Most of us are guilty of using the same username and password on multiple accounts – it’s just so much easier to remember. But here’s the thing, that one simple short cut puts you at a much higher risk of getting hacked than ever before through a new method called “credential stuffing.”
Here’s how it all started. These days con-artists gain access to our passwords and usernames in lots of different ways. They target large databases containing thousands, sometimes millions, of records at a time. Those records show up for sale on the dark web and, voila, your info is up for grabs.
But what is this dark web? The Federal Trade Commission explains the dark web as places on the internet not indexed by traditional search engines, so it operates beneath the radar.
The dark web is basically the internet equivalent of the black market; it’s where criminals illegally selling consumer data and other illegal goods and information tend to congregate. So, when your information ends up here, what happens to it?
Scammers buy usernames and passwords in bulk and then perform what’s called, “credential stuffing”. Credential stuffing is when hackers take a large list of usernames and passwords and jam them into websites using an automated hacking tool.
For example, at the end of last year there were reports of hackers credential stuffing to gain access to thousands of Disney+ accounts; once in, they could change passwords and lock users out of their own accounts. It was then reported that these accounts were being sold online for as low as $3.
But it happens more often than we think. Credential stuffing affects many types of online accounts. According to Shape Security, 90% of login attempts on retail websites are fraudulent. Which for the average consumer can be mind-blowing when you think of how many accounts you have out there. So now it’s time to protect yourself.
Hackers rely on the fact that most people use repetitive usernames and passwords across multiple accounts. So, it’s critical to practice good password safety, which means at least use different passwords for all your online accounts.
Also, while it may be harder to remember, you should make your passwords long with a mix of letters, numbers and symbols. Also, if it is an option, always use two-factor verification; it’s an extra layer of security that only allows user access after multiple steps are performed. This means just a password will not suffice.
Other things to consider:
w Avoid saving payment information on your online accounts. If you must, use one card for online shopping and make it a credit card. Credit card companies often have more protections than a debit card and isn’t a direct line to your cash.
w Delete old accounts: If you’re no longer going to use an account or service, delete the account altogether. These old accounts often go forgotten but if it’s tied to a password you’re using elsewhere, hackers may be able to access it or even access new accounts using the old information.
w Be aware of emails stating someone is trying to access your account. These can be legitimate, and you’ll need to take action. But they can also be a phishing scam. Take an extra look and who is sending the email, what information is included? Does anything look suspicious (logos, grammar, etc.), are they asking you to click a link or download an attachment?
Roseann Freitas, marketplace manager Hawaii, Better Business Bureau Northwest + Pacific, 900 Fort Street Mall, Ste. 1310, Honolulu, HI 96813 260-0643, bbb.org Start With Trust®