Credential Stuffing
Australian pension funds hit by wave of credential stuffing attacks
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts. The Association of Superannuation Funds of Australia (ASFA), Australia’s advocacy body for the superannuation industry, said today that “a number of members were affected” even though the “majority of the attempts were repelled.” Reuters has learned […]
New Atlantis AIO platform automates credential stuffing on 140 services
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts. Credential stuffing and automation Credential stuffing […]
PayPal to pay $2 million settlement over 2022 data breach
New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state’s cybersecurity regulations, leading to a 2022 data breach. The Department of Financial Services (DFS) action says that threat actors took advantage of security gaps in PayPal’s systems to conduct credential stuffing attacks that provided access to sensitive […]