Get stuffed: why credential stuffing attacks are so impactful
Hi all,
The hacker responsible for launching a credential stuffing attack against biotechnology company 23andMe to steal users’ personal data has leaked more data stolen in the cyber attack via the dark web.
The data leaked to the notorious dark web forum, BreachForums, includes the genetic data profiles of 4.1 million people across Great Britain and Germany. The hacker, who uses the alias Golem, said that the data belongs to “the wealthiest people living in the US and Western Europe on this list”, including the British royal family, the Rockefellers and the Rothschilds, however this statement has not yet been confirmed to be true. A 23andMe spokesperson told TechCrunch that the company is “reviewing the data to determine if it is legitimate”.
23andMe has confirmed that the data was stolen via a credential stuffing attack. The company has also said that an investigation into the cyber attack has revealed that there is no evidence of a cyber security incident on their IT systems. Those who had their data stolen had opted in to the ‘DNA relatives’ feature, which allowed the malicious actor to scrape their data from their profiles. Golem has claimed that they were able to steal “hundreds of TBs of data” from the company.
Below, Cyber Security Hub takes a look at credential stuffing attacks, their impact and how to prevent them:
23andMe suffers credential stuffing cyber attack
Learn more about the initial data leak following the 23andMe credential stuffing attack on October 6 here.
How carding can affect your business
Malicious actors can also use credential stuffing to gain access to payment card data. Learn what carding is and the impact it can have here.
Hot Topic hit by wave of cyber attacks
Between February to June of 2023, retailer Hot Topic suffered a wave of credential stuffing cyber attacks. Learn more about the cyber attacks and how they were discovered here.
领英推荐
The top 8 password attacks and how to defend against them
In The top 8 password attacks and how to defend against them, cyber security expert Alex Vakulov shares how to avoid credential stuffing attacks, among other threat vectors. Read the article to discover how to stop malicious actors gaining access to your passwords.
Data of 2.6 million Duolingo users posted on the dark web
Data scraping can allow malicious actors to gain steal personal data once they have used credential stuffing to access a network. In August of this year, a malicious actor used data scraping to steal the data of 2.6 million Duolingo users. Find out more here.
All Access: Generative AI in Cyber Security
Join the network
Cyber Security Hub (www.cshub.com) provides key insights for all those within the cyber security industry. If you want to join us…