
Ways to prevent your account from being hacked

Data breaches and compromised accounts happen all too often. Find out what credential stuffing is and learn some tips to avoid your account getting hacked.

With the increasing number of online accounts, mobile apps and home security cameras, consumers should be aware of the potential risks that come with this convenient technology. Home security camera owners have reported unsettling incidents, from a voice on their camera falsely warning of a missile attack to hackers talking to their child through their camera speaker. 

So how are hackers getting in? According to Digital Shadows, a growing list of breached credentials — around 24 billion — are available on the Dark Web. Hackers use these compromised credentials to try to log in to other digital services, such as home security cameras or even baby monitors — and because over 66% of people use the same password across multiple websites and accounts, attackers have found it to be fairly effective.

What is credential stuffing?

Cybercriminals attempt to log in and steal account information using a cyberattack method called credential stuffing — or password stuffing. The hacker uses a bot and a collection of compromised credentials from past data breaches, such as usernames and passwords, to inject the data into login forms. The bot automates these login attempts at large scale to gain access to several accounts on various websites or mobile apps. These automation tools let hackers find vulnerable accounts quickly and efficiently.

According to Akamai, a content delivery and cloud service, 193 billion login attempts were detected in 2020. While financial services are a prime target, customers of social media sites, online commerce and streaming platforms also experience this threat.

How can I avoid becoming a victim of a credential stuffing attack?

  • Check if your credentials have been compromised. Visit haveibeenpwned.com to help determine if your account or password was part of a breach. If you haven't already, change the password of any account that uses a password that may have been compromised.
  • Use a unique, strong password everywhere. Passwords should ideally be 12-15 characters and include a combination of uppercase letters, numbers and special characters. A password manager can help generate these passwords for you. It stores them all in one encrypted location, and can automatically insert passwords when you log into sites.
  • Use Multi-Factor Authentication (MFA) when possible. This allows access only after two or more pieces of evidence are presented — usually a password and a generated code that is sent to the user by phone, text or email during login.
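The breach check in the first tip can be done without ever sending the password itself. This added example (not part of the original article) shows the k-anonymity lookup used by the Pwned Passwords range endpoint of haveibeenpwned.com: only the first five hex characters of the password's SHA-1 hash are sent, and the match is made locally. The corpus, counts and `fake_fetch_range` are constructed stand-ins so the code runs offline.

```python
import hashlib

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, fetch_range):
    """Return how many times `password` appears in the breach corpus.

    `fetch_range(prefix)` must return the service's response body for a
    5-character hash prefix: one "SUFFIX:COUNT" entry per line. The full
    hash and the password never leave this function.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0                              # suffix not listed: no known breach

# Constructed stand-in for the service so the example runs offline.
# A live version would GET https://api.pwnedpasswords.com/range/<prefix>.
CONSTRUCTED_CORPUS = {"password": 1000, "123456": 5000}   # made-up counts

def fake_fetch_range(prefix):
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Unrelated filler entry: a real response lists many other suffixes
    # sharing the prefix, which is what hides the one being checked.
    lines.append("0" * 35 + ":1")
    return "\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase 42!"):
        n = breach_count(pw, fake_fetch_range)
        print(f"{pw!r}: {'seen ' + str(n) + ' times' if n else 'not found'}")
```

Any non-zero count means the password is already in the lists credential stuffing bots replay, so it should be changed everywhere it is used.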

How can I protect myself from extortion attempts?

In addition to hacking into users' accounts, bad actors are increasingly using stolen credentials in extortion attempts. It's not uncommon to receive an email claiming to be from someone who used your credentials to hack into your computer. The email often includes your password as proof that they've broken into your account, and demands a ransom paid in Bitcoin.

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) reported 39,360 extortion scams in 2021, with losses totaling over $60 million. Here are some ways to help protect yourself:

  • Do not open email or attachments from unknown individuals.
  • Regularly monitor your bank account statements, and check your credit report at least once a year, for any fraudulent activity.
  • Do not reply to unsolicited email senders.
  • Do not store or share sensitive or embarrassing photos of yourself online or on your mobile devices.
  • Use strong and complex passwords and do not use the same password for multiple websites.
  • Never provide personal information of any sort via email. Be aware that many emails requesting your personal information appear to be legitimate.
  • Ensure security settings for social media accounts are turned on and set at the highest level of protection.
  • Verify the web address of legitimate websites: confirm that the URL prefix includes https or that the status bar displays a "lock" icon, and manually type the address into your browser.

New data breaches are making headlines on a regular basis, and as long as people keep using the same passwords across multiple websites and apps, attackers are likely to keep targeting this type of information.

No one wants to be a victim of a cyber attack or cyber extortion, but you can help protect yourself with State Farm® Identity Restoration Insurance.

The information in this article was obtained from various sources not associated with State Farm® (including State Farm Mutual Automobile Insurance Company and its subsidiaries and affiliates). While we believe it to be reliable and accurate, we do not warrant the accuracy or reliability of the information. State Farm is not responsible for, and does not endorse or approve, either implicitly or explicitly, the content of any third party sites that might be hyperlinked from this page. The information is not intended to replace manuals, instructions or information provided by a manufacturer or the advice of a qualified professional, or to affect coverage under any applicable insurance policy. These suggestions are not a complete list of every loss control measure. State Farm makes no guarantees of results from use of this information.

State Farm Fire and Casualty Company
State Farm General Insurance Company
Bloomington, IL

State Farm Florida Insurance Company
Winter Haven, FL

State Farm Lloyds
Richardson, TX
