New York AG Finds 1 Million Customer Credentials Compromised at Online Retailers
More than 1 million customers’ passwords at 17 major retailers have been compromised in what’s known as “credential stuffing” attacks, New York Attorney General Letitia James said, warning businesses to take extra precautions.
James said that an investigation by her office had uncovered the cyberattacks, in which hackers take usernames and passwords stolen from other online services, and use those, with the help of automated computer programs, to attempt to log in to businesses. Many people use the same password for multiple online sites, making the credential stuffing possible.
The attorney general’s office alerted the 17 companies about the compromised accounts and each retailer took steps to protect the accounts, James said.
She also posted a guide for businesses to help prevent credential stuffing and other cyber attacks.
“Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing,” James said in a news release.
The guide recommends that businesses tighten security in a number of ways, such as requiring multi-factor authentication for online accounts; employing bot-detection software and services; using password-less authentication; and requiring re-authentication at the time of purchase, such as requiring customers to re-enter credit card numbers and security codes.
Was this article valuable?
Here are more articles you may enjoy.
Interested in Retail?
Get automatic alerts for this topic.