HUMAN Blog

Credential stuffing and account takeover attacks remain nagging business problems

Written by Alexander Gardner | October 31, 2024

Today, organizations have access to a treasure trove of valuable consumer data. So it’s important for them to operate as responsible stewards of user information, not unaccountable repositories for that data. 

Still, the reality is that organizations are frequently targeted by malicious actors striving to steal this valuable user data. Consider account takeover (ATO) attacks: accounts holding stored funds, loyalty points that can be converted into money or tangible rewards, or personally identifiable information (PII) are all prime targets for bad actors looking to make a profit.

Credential stuffing, one of the most commonly used techniques for committing an ATO, is where bad actors use stolen credentials, full or partial, to log into a legitimate account.

Unfortunately, these attacks continue to be a serious issue. 

In IBM’s 2024 Cost of a Data Breach report, credential stuffing attacks were found to cause on average $4.81 million worth of damage per breach. Verizon’s 2024 Data Breach Investigations Report noted that stolen credentials were involved in 31% of breaches. In October 2022, Microsoft stated that they were blocking 1,287 password attacks every second across their platform.

Compounding these numbers are poor password practices from users themselves. Bitwarden’s 2024 World Password Survey found that 25% of respondents reuse passwords across 11 to 20-plus sites and that 36% incorporate personal information into their passwords.

HUMAN’s own analysis in the Quadrillion report found that, in 2023, the Human Defense platform protected customers from 26 billion fraudulent login attempts and that one in five visits to a login page was an attempted ATO.


How do account takeover attacks happen?
Malicious actors use various techniques, such as credential stuffing and cracking or brute force attacks.

Credential stuffing occurs when bad actors have gained access to full or partial user login credentials, typically acquired from a data breach or purchased illicitly from other cybercriminals. These username and password combinations are then replayed against high-value websites to take over accounts and reach the value they hold. This is typically done at scale with bot automation, enabling rapid testing of the stolen credentials.

Cracking or brute force attacks occur when bad actors attempt to guess the password of an account by working through a huge list of words to force their way in. Again, this kind of attack is usually done at scale with automated bots to speed up the process. Cracking is one reason all users should follow best practice and use more complex passwords.
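The two techniques above leave different traces in a login log: credential stuffing is broad (many different usernames per source, each tried once or a few times), while cracking is deep (many failed attempts against one username from one source). The detection logic below is an added example, not HUMAN's code or anything from this post. It assumes a constructed log format of `timestamp source-IP username OK|FAIL`, a five-minute sliding window and threshold values that a real deployment would tune; the sample log lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the page or HUMAN's product).
# Assumed format: "<ISO timestamp> <source IP> <username> <OK|FAIL>".
# 203.0.113.7 tries six different accounts once each (credential stuffing, one hit);
# 198.51.100.9 hammers a single account (brute force); 192.0.2.5 is a normal login.
SAMPLE_LOG = """\
2024-10-31T10:00:00Z 192.0.2.5 alice OK
2024-10-31T10:00:01Z 203.0.113.7 alice FAIL
2024-10-31T10:00:02Z 203.0.113.7 bob FAIL
2024-10-31T10:00:03Z 203.0.113.7 carol FAIL
2024-10-31T10:00:04Z 203.0.113.7 dave OK
2024-10-31T10:00:05Z 203.0.113.7 erin FAIL
2024-10-31T10:00:06Z 203.0.113.7 frank FAIL
""" + "".join(f"2024-10-31T10:00:{10 + i:02d}Z 198.51.100.9 bob FAIL\n" for i in range(12))


def parse_events(text):
    """Parse log lines into (timestamp, ip, user, success) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that attempt logins to many *different* accounts within the window.

    Replayed breach data shows up as breadth (many usernames per source), not depth.
    Any account the flagged source logged into successfully is reported so it can be
    remediated (forced reset, session revocation, owner notification).
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, user, success) inside the window
    alerts = {}
    for ts, ip, user, success in events:
        q = recent[ip]
        q.append((ts, user, success))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        if len(users) >= min_users:
            hit = alerts.setdefault(ip, {"distinct_users": 0, "compromised": []})
            hit["distinct_users"] = max(hit["distinct_users"], len(users))
            hit["compromised"] = sorted({u for _, u, ok in q if ok} | set(hit["compromised"]))
    return alerts


def detect_brute_force(events, window=timedelta(minutes=5), min_failures=10):
    """Flag (ip, username) pairs with many failed attempts within the window.

    Wordlist cracking targets one account, so the signature is depth: repeated
    failures for the same username from the same source.
    """
    failures = defaultdict(deque)  # (ip, user) -> deque of failure timestamps
    alerts = {}
    for ts, ip, user, success in events:
        if success:
            continue
        q = failures[(ip, user)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= min_failures:
            alerts[(ip, user)] = max(alerts.get((ip, user), 0), len(q))
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("credential stuffing:", detect_credential_stuffing(evs))
    print("brute force:", detect_brute_force(evs))
```

Keying the two detectors differently (source IP alone for stuffing, source plus username for cracking) is what separates the signatures: the stuffing source never trips the per-account failure counter, and the cracking source only ever touches one username. Distributed attacks that rotate source addresses weaken the per-IP view, which is why production detection also looks at user-agent, device and behavioral signals rather than IP counts alone.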

Other techniques include bypassing multifactor authentication (MFA), phishing or social engineering that tricks users into handing over their credentials.

How HUMAN can help
HUMAN helps organizations to secure their online accounts against bad actors, reducing costs associated with fraud and abuse such as loss of revenue and chargebacks, keeping brand reputation high with users and reducing churn.

The Account Protection package protects accounts pre-, at- and post-login. Account Protection can stop automated account takeover by blocking mass credential stuffing and cracking attempts and neutralizing stolen or breached credentials. Sophisticated bots are caught at the account perimeter and advanced threat intelligence analyzes compromised credentials from the latest data breaches and attacks. It enables security professionals to spend less time investigating account takeover attacks and more time focusing on other mission-critical tasks. The solution works with minimal performance impact on an organization’s environment, making use of low-latency calls that keep key processes running optimally.

If malicious attackers do compromise an account, such as through MFA bypass, phishing or social engineering, HUMAN helps stop bad actors exploiting legitimate users’ accounts. HUMAN continuously monitors account activity for unusual behavior that deviates from the legitimate owner’s typical usage. Examples include logging in from a new device in a new location, changes to account security configuration, or logging in at a new time of day. When HUMAN detects a compromised account, automated, customizable actions quickly intervene to neutralize and remediate according to the organization’s requirements.
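The post-login signals listed above (new device, new location, security-configuration changes, unusual time of day) can be scored against a per-account baseline and mapped to a customizable response. The code below is an added example written for this post, not HUMAN's product logic; the login history, the signal weights and the response thresholds are all constructed assumptions, and the "location" signal is reduced to a country code for simplicity.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history of successful logins (not from the page or HUMAN's product):
# (username, ISO timestamp, device identifier, country code).
HISTORY = [
    ("alice", "2024-10-01T09:05:00Z", "dev-a1", "US"),
    ("alice", "2024-10-02T09:20:00Z", "dev-a1", "US"),
    ("alice", "2024-10-03T18:40:00Z", "dev-a2", "US"),
    ("alice", "2024-10-04T09:10:00Z", "dev-a1", "US"),
]

# Assumed risk weights for the signals named in the text; a deployment would tune these.
WEIGHTS = {"new_device": 2, "new_country": 3, "unusual_hour": 1, "security_change": 3}


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def build_profiles(history):
    """Summarise each account's known devices, countries and login hours (UTC)."""
    profiles = defaultdict(lambda: {"devices": set(), "countries": set(), "hours": set()})
    for user, ts, device, country in history:
        p = profiles[user]
        p["devices"].add(device)
        p["countries"].add(country)
        p["hours"].add(_parse(ts).hour)
    return dict(profiles)


def score_login(profile, ts, device, country, security_change=False):
    """Return (score, reasons) for a login or post-login event against a baseline profile.

    An account with no history has an empty profile, so every signal fires; a real
    system would handle brand-new accounts separately.
    """
    reasons = []
    if device not in profile["devices"]:
        reasons.append("new_device")
    if country not in profile["countries"]:
        reasons.append("new_country")
    hour = _parse(ts).hour
    # Treat an hour as usual if it is within one hour of a previously seen login hour.
    if not any(abs(hour - h) <= 1 for h in profile["hours"]):
        reasons.append("unusual_hour")
    if security_change:
        reasons.append("security_change")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(score, step_up_at=2, block_at=5):
    """Map a risk score to a response; the thresholds are assumed, customizable values."""
    if score >= block_at:
        return "block_and_notify_owner"
    if score >= step_up_at:
        return "step_up_verification"
    return "allow"


def evaluate(profiles, user, ts, device, country, security_change=False):
    """Score one event for a user and return (action, score, reasons)."""
    empty = {"devices": set(), "countries": set(), "hours": set()}
    score, reasons = score_login(profiles.get(user, empty), ts, device, country, security_change)
    return decide(score), score, reasons


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    print(evaluate(profiles, "alice", "2024-10-31T09:30:00Z", "dev-a1", "US"))
    print(evaluate(profiles, "alice", "2024-10-31T03:00:00Z", "dev-zz", "BR"))
    print(evaluate(profiles, "alice", "2024-10-31T03:00:00Z", "dev-a1", "US", security_change=True))
```

The three calls at the bottom show the intended gradient: a routine login from a known device at a usual hour is allowed, a change to security settings at an odd hour from a known device triggers step-up verification rather than an outright block, and a new device in a new country at an odd hour is blocked and the owner notified. Because the response is a separate function with threshold parameters, the same scores can be mapped to whatever actions the organization's requirements call for.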


Learn more about how HUMAN can help your organization reduce account fraud and credential stuffing attacks and safeguard users’ personal data.