Search:

Recent Posts

Popular Topics

Contributors

Archives

Legal developments in data, privacy, cybersecurity, and other emerging technology issues

Posts in Infosec Plan.

Last week, the New York Attorney General’s office offered guidance regarding credential stuffing, a common and costly attack on businesses and consumers, in which threat actors repeatedly attempt to log in to online accounts using usernames and passwords stolen from other online services.  Credential stuffing takes advantage of three aspects of the online ecosystem:  (1) most online accounts utilize usernames and passwords; (2) a steady flow of data breaches has resulted in billions of stolen credentials being leaked onto the dark web for other threat actors to exploit; and (3) consumers tend to reuse the same passwords across multiple online services. 

Jump to Page

By using this site, you agree to our Privacy Policy and our Disclaimer.