MDIS Blog

Credential Stuffing and Its Potential Impact

By Yu Chang Teo
5th August 2020

You are your biggest security breach.

As of April 2020, there are 4.57 billion active internet users online, 4.2 billion unique mobile internet users, 3.81 billion active social media users and 3.76 billion active mobile social media users, which brings us to a grand total of 16.34 billion users (Statista, 2020). Considering that there are 7.77 billion people living in the world (WorldoMeter, 2020), that’s twice the number of the entire human population on earth. These 16.34 billion users have different accounts and passwords that could potentially be breached by hackers.

Now, many of you reading this might disagree and say that your social media account providers or your internet banking services have the latest security measures and have promised to keep you and your data safe. So what’s there to worry about? True enough, many corporations do have security measures in place to keep your accounts safe, preventing your accounts and passwords from being attacked by malicious hackers.

But, are your passwords different from one another? Do all of your accounts use a different, unique password each containing a different passphrase?

If the answer is no, you are indirectly putting your accounts at risk.

One password for multiple accounts.

Many internet users use weak or duplicate passwords for different accounts across the web, usually because it is more convenient and less of a hassle than coming up with a new, strong password for every single online account.

Having duplicate passwords on multiple accounts might put you at risk of a form of password attack known as credential stuffing.

Credential Stuffing. What is it and how does it affect me?

Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. Large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes. (OWASP, 2020)

For example, suppose you have accounts on Gmail, Facebook, Instagram and an online shopping website, all sharing the same ID and password. The online shopping website might have been unsecured, and your shopping account credentials got leaked. Here’s where the attacker will strike.

Anatomy of Attack (OWASP, 2020)

  1. The attacker acquires credentials from a breached website.
  2. The attacker then uses a botnet* to test the stolen credentials against many websites.
  3. Having gained a successful login (usually a 0.1 – 0.2% chance of success), the attacker takes over another account with matching credentials.
  4. The attacker drains the stolen account of stored information/value.
  5. The attacker may also use account information for other nefarious purposes.

Botnet* – A botnet is a collection of internet-connected devices infected by malware that allows hackers to control them.
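
From the defender's side, steps 2 and 3 leave a recognisable trace in login logs: one source trying a large number of different usernames with a success rate well under 1%. The sketch below is an added example, not part of the original article or of OWASP's guidance; the event format, the thresholds and the sample data are all constructed for illustration. Because a botnet spreads attempts over many IP addresses, the "source" key could equally be a device fingerprint.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed login events: (source, username, success)."""
    events = []
    # Constructed stuffing source: 1000 distinct usernames, 2 hits (0.2%).
    for i in range(1000):
        events.append(("203.0.113.7", f"user{i}@example.com", i in (137, 642)))
    # Constructed genuine user who mistypes a password twice.
    events += [("198.51.100.20", "alice@example.com", ok)
               for ok in (False, False, True)]
    # Constructed office gateway: 30 staff, almost every login succeeds.
    for i in range(30):
        events.append(("192.0.2.50", f"staff{i}@example.com", i != 4))
    return events

def flag_stuffing_sources(events, min_usernames=50, max_success_rate=0.05):
    """Flag sources that try many distinct usernames and rarely succeed.

    Thresholds are assumptions for this example; tune them on real traffic.
    """
    attempts = defaultdict(int)
    usernames = defaultdict(set)
    hits = defaultdict(set)
    for source, user, ok in events:
        attempts[source] += 1
        usernames[source].add(user)
        if ok:
            hits[source].add(user)
    flagged = {}
    for source, total in attempts.items():
        rate = len(hits[source]) / total
        if len(usernames[source]) >= min_usernames and rate <= max_success_rate:
            flagged[source] = {
                "attempts": total,
                "distinct_usernames": len(usernames[source]),
                "success_rate": rate,
                # Accounts the source logged in to: force a password reset.
                "accounts_to_reset": sorted(hits[source]),
            }
    return flagged

if __name__ == "__main__":
    for source, stats in flag_stuffing_sources(build_sample_events()).items():
        print(source, stats)
```

The successful logins matter most: each one is an account whose reused password already works for the attacker, so it should be locked and reset rather than only having the source blocked.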

How do I prevent this?

Credential stuffing can be prevented if proper measures are taken. According to OWASP, these are the methods of prevention (OWASP, 2020):

  1. Multi-Factor Authentication
  2. Secondary Passwords, PINs and Security Questions
  3. Device Fingerprinting
  4. Require Unpredictable Usernames
  5. Block Headless Browsers

Credentials and account security should be your responsibility too.

If proper security measures are taken and malicious websites are avoided, you too can avoid being a victim of credential stuffing.

Yu Chang Teo

Yu Chang is a student from the MDIS School of Technology pursuing a Higher Diploma in Ethical Hacking and Forensic Investigations Countermeasures. He believes that in a world with an ever-changing technological landscape, it is important to keep up to date with the associated technologies and methodologies. He aspires to work in the line of cyber security and forensics in the future, and his journey into cyber security at MDIS has been enlightening and interesting.

Copyright© 2020. MDIS Blog. All Rights Reserved.