Credential stuffing and resold accounts on the dark web

This month several databases, including some claiming to come from targeted attacks on companies like o2 and other providers, have surfaced on the dark web. o2 is denying that there has been any data breach and is citing credential stuffing as the likely cause. Credential stuffing is an attack where the attacker takes previously leaked credentials and tries them against other services. Many companies are now experiencing similar attacks: in the wake of mega breaches, criminal organizations work as fast as possible to reuse old credentials once the original breach is discovered, so that their hacking investment does not go to waste and the maximum amount of value is extracted.

What can you do to protect yourself? Often it's very difficult to stop this outright if a customer's credentials are identical across services and you're using traditional passwords for authentication. A great way to thwart these attacks is to turn on mandatory 2FA for your customers. A next step would be acquiring these breach lists and doing an internal comparison of customer passwords by hash, and forcing a password reset if you're worried about two-factor authentication running over a side channel. In summary, just because a competitor or an unrelated company is compromised doesn't mean it can't affect you.
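
One way to run the internal comparison described above, as an added example that is not from the original post: because properly stored passwords are salted, each leaked password listed for a customer's email is re-hashed with that customer's own salt and compared to the stored hash. The PBKDF2 parameters, the `email:password` breach-list format, and all accounts and passwords below are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor; use whatever your user store uses

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def parse_breach_list(lines):
    """Parse 'email:password' lines into {email: {passwords}}, skipping malformed lines."""
    leaked = {}
    for line in lines:
        email, sep, password = line.strip().partition(":")  # password may itself contain ':'
        if not sep or not email or not password:
            continue
        leaked.setdefault(email.lower(), set()).add(password)
    return leaked

def accounts_needing_reset(user_store, leaked):
    """Return emails whose stored hash matches a password leaked for that same email."""
    flagged = []
    for email, (salt, stored_hash) in user_store.items():
        for candidate in leaked.get(email.lower(), ()):
            if hmac.compare_digest(hash_password(candidate, salt), stored_hash):
                flagged.append(email)  # force a password reset for this account
                break
    return sorted(flagged)

def _make_user(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Constructed sample data: a tiny user store and a tiny breach list.
SAMPLE_USERS = {
    "alice@example.com": _make_user("Summer2019!"),
    "bob@example.com": _make_user("correct horse battery staple"),
    "carol@example.com": _make_user("hunter2"),
}
SAMPLE_BREACH_LINES = [
    "alice@example.com:Summer2019!",     # password reused here: flag
    "Bob@Example.com:letmein",           # known email, different password: no flag
    "carol@example.com:hunter2",         # password reused here: flag
    "malformed line without separator",  # skipped by the parser
    "dave@example.com:qwerty",           # not a customer: ignored
]

if __name__ == "__main__":
    print(accounts_needing_reset(SAMPLE_USERS, parse_breach_list(SAMPLE_BREACH_LINES)))
```

Only the emails to reset leave the function; the leaked plaintext passwords are never written to logs or stored alongside customer records.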