Was it a Breach or Credential Stuffing? The Difference Matters
Posted March 25, 2021
- Breaches are expensive and time consuming. They usually spark a mad dash to shore up cybersecurity defenses, implement new security and access policies, and lock down sensitive data. And then there is the damage to the company’s brand and the trust of their customers.
- But what if it wasn’t actually a breach? According to headlines, Zoom and Nintendo both suffered major breaches in 2020. In reality, they were never breached. Their customers were the victims of credential stuffing attacks.
- A breach exploits the company’s failure to protect its data. A credential stuffing attack is the result of consumers’ failure to protect themselves.
- Both breaches and credential stuffing attacks will continue to happen, and it’s important for victims – both the companies and their end users – to recognize the difference so they can respond appropriately.
- Consumers have a role to play to protect themselves: Stop reusing passwords across multiple accounts. Millions of people do this, and it is a cyber-criminal’s dream come true. All a bad actor has to do is get your credentials from one account with weak security to have access to everything else.
– Olivia Fryt | March 25, 2021