Free, SFR, Boulanger, Auchan, Picard, and even Truffaut and Direct Assurance: data thefts have exploded in recent months in France. While each case is of course different, one tactic seems to have been favored by hackers: “credential stuffing”. Here's how it works.
An effective method
Concretely, malicious actors take credentials (usernames, email addresses, passwords, etc.) that were previously stolen from one service and try them on others. Many users reuse the same passwords across platforms, so the technique often pays off.
This method has clearly proven its worth, as Benoit Grunemwald, the director of public affairs at ESET France, explained to our colleagues at 01Net:
“After a data breach, cybercriminals collect thousands of emails and use automated programs to test them on multiple sites. A single reused password becomes a backdoor to your entire digital life, especially if that access opens your email. It then becomes possible to reset passwords easily.”
Of course, cybercriminals do not perform these maneuvers by hand, as it would take too much time. They automate this process using scripts and bots that allow a very large number of combinations and services to be tested in a very short time.
01Net cites in particular the example of the cyberattack that recently targeted Picard. Using credential stuffing, hackers managed to steal the personal data of 45,000 customers who were members of the brand's loyalty program. The same process was used in the intrusion into the Family Allowance Fund (CAF) last August.
How to better protect yourself?
Faced with this now very concrete risk, it is important to adopt the right reflexes. The most important thing is to vary your passwords from one service to another, so as not to make things easier for cybercriminals.
This is admittedly not always easy. A password manager can help. We have also put together a guide that lists the main offers on the market.
Another option not to be overlooked: two-factor authentication. If you have enabled it, you will be notified immediately of the intrusion attempt in the event of a credential stuffing attack and will be able to act accordingly.
Finally, if you have any suspicions, do not hesitate to go to the Have I Been Pwned site. By entering your email, you will see if your credentials have been compromised in a known data breach.