Credential stuffing

What is Credential Stuffing and how can you protect yourself against it?

Cyber-attacks are evolving and becoming more sophisticated every day. One of the latest attacks allows hackers to access members’ accounts using their stolen passwords, via a method known as Credential Stuffing.

Credential stuffing is a type of cyber-attack whereby cyber criminals collect stolen usernames and passwords available on the dark web from previous data breaches, and then attempt to use those credentials on other websites or services. If an affected user uses the same password across multiple accounts, a successful credential stuffing attack could compromise all of their accounts.

To protect against this type of attack, it is important to follow the cyber security advice as given by the Australian Government with 3 easy steps:

• Set up multi-factor authentication to add an extra layer of security to your online accounts.
• Create strong and unique passphrases of 14 or more characters long. These passphrases should be different for each account you hold.
• Install software updates regularly to keep your devices secure.

Please refer to the Australian Government’s best cyber practices and protect yourself online at cyber.gov.au