Search:

Recent Posts

Popular Topics

Contributors

Archives

Legal developments in data, privacy, cybersecurity, and other emerging technology issues

Posts from January 2022.

Last week, the New York Attorney General’s office offered guidance regarding credential stuffing, a common and costly attack on businesses and consumers, in which threat actors repeatedly attempt to log in to online accounts using usernames and passwords stolen from other online services.  Credential stuffing takes advantage of three aspects of the online ecosystem:  (1) most online accounts utilize usernames and passwords; (2) a steady flow of data breaches has resulted in billions of stolen credentials being leaked onto the dark web for other threat actors to exploit; and (3) consumers tend to reuse the same passwords across multiple online services. 

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.