Effects of Credential Stuffing on Business Enterprises
Abstract
This study examined the effects of credential stuffing on business enterprises. Credential stuffing is the act of gathering login credentials of people who use the same credentials across multiple digital assets. Once the login credential are obtained hackers can access emails and social media assets, make fraudulent purchases, and obtain personal information of the victim which they can use to launch attack. Data for study were collected from reports by reliable cyber security companies that include Microsoft Corporation, IBM, Google, F5 labs, Imperva and Crowdstrike Holdings Inc. The findings identified steps of credential stuffing to include the attacker obtaining leaked credentials from data breach, using software to test the stuffing against different websites and mobile applications, gaining access to the target’s system and taking over the digital assets of the victim to extract personal information, credit card detail, or email. The ways to prevent credential stuffing include avoiding the use of login credentials for multiple digital assets, strong and complex login credentials, multifactor authentication, regular security training of staff on threat identification, having cyber security experts as partners, establishing incident response team and using behavioural analytics smart devices.
