Study finds hackers targeting loyalty programs

New data out from Akamai finds a growing number of attacks on brands’ loyalty programs. Since 2018, in fact, their data shows more than 63 billion credential stuffing attacks in the hospitality, retail, and travel industries, and they are no longer only relying on the most recent password combination lists.

According to Akamai, since the pandemic began and people took more of their lives online, from how they shopped to work routines, cybercriminals have begun recirculating old password combination lists; this is in addition to newer lists from the dark web. These new efforts to defraud should serve as a reminder not only to consumers but to businesses to encourage people to update and upgrade passwords and other sensitive credentials.

“Criminals are not picky – anything that can be accessed can be used in some way,” said Steve Ragan, Security Researcher and Author of State of the Internet/Security Report, Akamai. “This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information, too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.”

Other interesting findings from the Akamai report include:

• From July 2018 to June 2020 Akamai saw more than 100 billion credential stuffing attacks
• 90% of attacks from the commerce category targeted retail
• 41% of attacks SQL Injection and Local File Inclusion
• 83% of attacks using SQL Injection/Local File Inclusion targeted retail

“All businesses need to adapt to external events, whether it’s a pandemic, a competitor, or an active and intelligent attacker,” said Ragan. “Some of the top loyalty programs targeted require nothing more than a mobile number and numeric password. . .there is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.”

More data from Akamai’s report can be accessed here.

This article originally appeared in BizReport.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

Fire Drills - Why Typical Responses to Corporate Debacles Don't Actually Put Out Fires

Next Article

6sense Launches Enhanced Account-Based Reporting

Related Posts

Subscribe to TheCustomer Report

Customer Enlightenment Delivered Daily.

    Get the latest insights, tips, and technologies to help you build and protect your customer estate.