Partner Article
O2 becomes the victim of credential stuffing
It was revealed this week that O2 customer data is being sold by criminals on the dark net. The data, which includes names, phone numbers, email addresses and passwords, appears to have been obtained by hackers logging onto O2 accounts using credentials that were initially stolen from gaming website XSplit in November 2013. The hackers used a technique known as credential stuffing, which sees criminals use software to repeatedly attempt to gain access to customers’ online accounts using stolen login details.
“This is a clear example of the collateral damage caused by stolen credentials,” said Ross Brewer, VP and MD of EMEA at LogRhythm. “Credential stuffing will undoubtedly become a much bigger threat for organisations over the next few years as it becomes easier for hackers to get their hands on personal information, such as usernames, passwords and email addresses, dumped on the dark web. As organisations become better at blocking traditional brute force attacks, hackers are changing their tactics, using automation tools to determine which, out of all the credentials they have, can unlock the doors to more confidential and sensitive information.”
Brewer continued: “This breach should act as a warning to businesses not to rely solely on traditional perimeter tools, which won’t detect a ‘seemingly normal’ log-in attempt. Previously, hackers have had to spend time and effort working out which stolen credentials are valuable, but they now have the tools to identify these instantly, and businesses need to be prepared to be targeted much more successfully.
“It’s more important than ever that businesses use security intelligence so that they can identify behaviour that can point towards unauthorised log-ins resulting from new trends, such as credential stuffing. Hackers nowadays will get in; however, with full visibility and correlation, businesses will be able to ensure that hackers are stopped in their tracks before any damage has been done,” concluded Brewer.
This was posted in Bdaily's Members' News section by LogRhythm.