Thanks to the newly coined term, “credential stuffing”, there are millions of Zoom accounts for sale on the dark web. Here’s what you should know about this common way for hackers and online criminals to break into these accounts, and how you can protect yourself.
What is Credential Stuffing?
“Credential stuffing” involves using databases of leaked login details, say from popular online services, where criminals often exploit the security flaws in systems to acquire usernames and passwords, and then trying to log in with them on other online services. Many people reuse the same password on multiple websites, so some will match.
And that’s all it is—trying already leaked credentials on other services and seeing what works. In simpler terms, “hackers” stuff all the login usernames and passwords into the login forms and see what happens. Chances are many of them will work.
How to Protect Yourself
Protecting yourself from credential stuffing can be fairly simple and involves following the same password security practices that we always recommend:Our team is not only dedicated to offering expert technical knowledge for your business. That is not enough. We offer you a trusted business partner that looks out for your business as if it were our own. Constantly striving to find solutions that work for your technical needs, your budget, and your staff. Contact us or call (850) 601-5566 to get started!
Avoid reusing the same passwords for each username:
Use a different password for each account you use online. That way, even if your password gets leaked, it can’t be used to sign in to other places. Cybercriminals can try to stuff your credentials into other login forms, but they won’t work if you have unique passwords for each account.
Password Managers are a lifesaver:
Remembering each unique password you use is nearly impossible. We recommend using a password manager to remember your passwords for you. It can even generate those strong passwords from scratch. Some options to look into here.
Two-Factor Authentication is our friend:
By enabling two-factor authentication, you have to provide a code generated by an app or sent to you via text message each time you log in to a website. Therefore, if an attacker has your username and password, they won’t be able to sign in to your account if they don’t have that particular code.