Credential Stuffing Preys on Those with Repetitive Usernames and Passwords

The act of credential stuffing is quickly becoming a larger problem as scammers are more easily able to buy usernames and passwords in bulk on the dark web.

Scammers employ credential stuffing by taking those bulk usernames and passwords and then jamming that data into websites using an automated hacking tool. Fraudsters are successful when people use the same login information over multiple accounts.

Tyler Russell with Better Business Bureau Northwest and Pacific said the most high-profile instance of credential stuffing was with Disney+ accounts last year. Hackers changed account passwords, locking users out of their own accounts, and then sold those accounts for as low as $3.

"Hackers are relying on the fact that most people use repetitive usernames and passwords across multiple accounts." explained Russell, "So it's critical to practice good password safety, which means using different passwords for all of your online accounts."

Using different numeric symbols across all of your passwords and using a password phrase, that nobody else would know, are also great ways to protect yourself online.

"Avoid saving payment information on your online accounts." added Russell, "If you have to, use one card for online shopping, and make it a credit card. Credit card companies often have more protections than a debit card, and (credit cards aren't) a direct line to your cash."

Remember to delete old accounts. Also, be aware of emails stating that someone is trying to gain access to your account. Although some of these could be legitimate, they also can be a type of phishing scam.