It is important to use unique passwords and passphrases for each of your accounts to protect your accounts from cyber attacks like credential stuffing. Credential stuffing is a common scam used by cyber criminals to easily gain access to multiple accounts belonging to a single user. It’s important to protect your accounts and know the steps to take if you become a victim of a credential stuffing attack.
What is credential stuffing
Credential stuffing is an easy way for cyber criminals to compromise accounts and sensitive information. It’s an automated cyber attack method that uses stolen credentials from one website to gain unauthorized access to other accounts that share the same username, email, and password combination (credentials). If a cyber criminal steals your credentials used on multiple websites, they can:
- access other accounts using the same credentials
- change passwords on all accounts, even those they do not have immediate access to
  - if a cyber criminal accesses the email used to set up other accounts, even accounts that have different passwords, they can use the “forget password” feature
- steal personal information, like the answers to your security questions, to gain access to more restricted accounts
- make purchases using saved financial information
While reusing the same passwords on different accounts might seem tempting, it can leave you vulnerable to this kind of attack. But there are simple preventative measures you can take to keep your accounts safe, while still easily remembering your unique credentials.
How to prevent getting compromised
Consider the following preventative cyber security measures to protect your accounts from credential stuffing attacks:
- Use strong and unique passwords for each account
- Use passphrases instead of passwords
- Use a password manager to organize and remember passwords for each account
- Enable multi-factor authentication (MFA) where possible
- Don’t save financial or sensitive information to accounts
- Don’t use the ‘remember me’ or auto-fill features for websites to save your information
- Don’t share personal information on social media that could compromise your account security questions (like the name of the street you grew up on)
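To see how far one reused password reaches, the following added example (not part of the original article) audits a password list you already hold, such as a password manager export. It reports which accounts share a login and password, and which accounts would be exposed if a single site leaked its credentials, including accounts reachable through password resets sent to a compromised email account. The vault entries, field names and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault; every site, login and password here is made up.
# "mailbox" marks the email account itself; "recovery" is the address that
# receives password-reset mail for that account.
VAULT = [
    dict(site="mail.example", login="sam@mail.example",
         password="Sunny-Days-42", mailbox=True, recovery=None),
    dict(site="shop.example", login="sam@mail.example",
         password="Sunny-Days-42", mailbox=False, recovery="sam@mail.example"),
    dict(site="forum.example", login="Sam@mail.example",
         password="Sunny-Days-42", mailbox=False, recovery="sam@mail.example"),
    dict(site="bank.example", login="sam@mail.example",
         password="correct horse battery staple", mailbox=False,
         recovery="sam@mail.example"),
    dict(site="photos.example", login="samphoto",
         password="Violet-Kettle-Runs-9", mailbox=False,
         recovery="other@mail.example"),
]

def cred_key(entry):
    """Fingerprint a login/password pair for in-memory grouping only."""
    pair = f"{entry['login'].lower()}\x00{entry['password']}"
    return hashlib.sha256(pair.encode()).hexdigest()

def reuse_groups(vault):
    """Return groups of sites that share one login/password pair."""
    index = defaultdict(list)
    for entry in vault:
        index[cred_key(entry)].append(entry["site"])
    return sorted(sorted(sites) for sites in index.values() if len(sites) > 1)

def exposure(vault, breached_site):
    """List accounts exposed if breached_site leaks its stored credentials."""
    leaked = next(e for e in vault if e["site"] == breached_site)
    key = cred_key(leaked)
    direct = [e for e in vault if e is not leaked and cred_key(e) == key]
    compromised = [leaked] + direct
    # A compromised mailbox receives reset links for accounts that recover to it.
    mailboxes = {e["login"].lower() for e in compromised if e["mailbox"]}
    taken = {e["site"] for e in compromised}
    via_reset = [e["site"] for e in vault if e["site"] not in taken
                 and (e["recovery"] or "").lower() in mailboxes]
    return {"direct": sorted(e["site"] for e in direct),
            "via_reset": sorted(via_reset)}

if __name__ == "__main__":
    print("Reused credentials:", reuse_groups(VAULT))
    print("If shop.example is breached:", exposure(VAULT, "shop.example"))
```

In the sample, a leak at the shop account exposes the forum and email accounts directly and the bank account through a password reset, even though the bank password is unique.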
What to do if you are compromised
If you suspect one or more of your accounts has been compromised, follow these steps:
- Immediately update your passwords or passphrases on accounts using the compromised credentials
- Check your credit card and bank account statements for any suspicious activity
- Report any fraudulent financial activity to your financial institution
- Notify contacts that could be impacted by the attack (for example if a phishing message was sent from your account)
- Report the fraudulent activity to your local police and the Canadian Anti-Fraud Centre
Cyber criminals are continuously advancing in their attack methods. Credential stuffing is an increasingly common scam because it lets them easily catch victims with low account security. Don’t make it easy for them. Understanding what credential stuffing is and following these simple steps will help protect your accounts from cyber criminals trying to take control over your online identity.
For more information on credential stuffing, watch our explainer video!