Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts

Other | 08/18/2022

The FBI is highlighting significant details about proxies1 and configurations2 used by cyber criminals to mask and automate credential stuffing attacks on US companies, resulting in financial losses associated with fraudulent purchases, customer notifications, system downtime and remediation, as well as reputational damage. Credential stuffing attacks, commonly referred to as account cracking, apply valid username and password combinations, also known as user credentials or “combo lists”, from previously compromised online resources or data leaks. Malicious actors utilizing valid user credentials have the potential to access numerous accounts and services across multiple industries – to include media companies, retail, healthcare, restaurant groups and food delivery – to fraudulently obtain goods, services and access other online resources such as financial accounts at the expense of legitimate account holders. The FBI acknowledges the Australian Federal Police for their assistance collecting the information included in this Private Industry Notification.

To read more, please log in