Retailers top credential stuffing targets


By Dylan Bushell-Embling
Thursday, 28 February, 2019
Retailers top credential stuffing targets

Retailers have become the top target worldwide for credential stuffing attacks, involving the use of bots to try stolen login information across the web, according to Akamai’s latest State of the Internet – Security report (PDF).

Hackers attempted credential abuse at retail sites more than 10 billion times from May to December last year alone, the report found.

Attackers are using sophisticated all-in-one bots that allow them to target more than 120 retailers at once with stolen login credentials.

These bots are multifunction tools that often use a number of evasion techniques to avoid detection.

While the retail sector is the top target, media and entertainment properties are notable credential abuse victims as well, with attackers targeting them in an attempt to obtain the personal information registered on the sites. This type of data has high resale value on the black market.

The report also identified significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.

“The techniques change, but the motivation remains the same: greed,” commented Martin McKeay, Security Researcher and Editorial Director of the State of the Internet – Security report.

“Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: apparel sites are targeted the most.”

Meanwhile, the report also identified security concerns related to the growing preponderance of web traffic. Akamai research suggests that API calls represent 83% of web traffic, with the majority of traffic being for custom applications.

Because some security tools are not equipped to manage API traffic, this growth should be an important factor for security teams when considering risk.

Image credit: ©James Thew/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Illumio launches AI-powered threat detection platform

The Illumio Insights threat detection solution is designed to help organisations rapidly detect...

GenAI 'grey bots' scraping data from websites

Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...

Tanium partners with DXC on endpoint management

Tanium has secured a partnership agreement with DXC that will leverage the company's...

Content from other channels on our network

Corn protein boosts lithium-sulfur battery performance

New method to stop electronics from overheating

Novel, non-toxic synthesis method for MXene

Novel design for flexible thermoelectric semiconductor

Computational model enhances battery safety

Motorola Solutions launches AI platform for police

Perth’s new rail network control centre ready for operations

NSW testing new Digital Photo Card

Sunshine Coast Council deploys AI avatar for customer service

Queensland transitions to new digital identity system

2degrees and Nokia accelerate 5G delivery in NZ

Surf Life Saving NSW and Babcock partner on long-range drones

Why traditional transformation approaches fail field workers

Smart drones used to monitor Melbourne water catchment

'World-first' 5G standalone slice handover across borders

  • All content Copyright © 2025 Westwick-Farrow Pty Ltd