Credential Stuffing: Who Owns the Risk?
Kasada was recently in the news after identifying a credential stuffing campaign targeting Australian retail, fast food, and entertainment outlets. The discourse around this type of reporting – and responses from affected companies – usually contains the same few statements: “A small number of accounts were affected” and “Customers should ensure they do not reuse passwords across multiple sites.” This shifting of risk to affected customers, regardless of the number of accounts impacted, highlights a tension within cybersecurity: that of balancing security and usability.
Why credential stuffing still occurs
Security is a team sport. When everyone plays their part, we raise the effort required for a criminal group to successfully bypass security controls. Credential stuffing and account takeover attacks are often the visible effects of someone not playing at the top of their game.