Skip to Main Content

Start Of Main Content

How to avoid your account getting hacked

Credit breaches are making the news headlines on a frequent basis. Find out what credential stuffing is and learn some tips to avoid being a victim.

Some home security camera owners have reported bizarre incidents, from a voice on their camera falsely warning of a missile attack to hackers talking to their child through their camera speaker. However, camera manufacturers insist their systems have not been compromised. So how are hackers getting in?

A growing list of breached usernames and passwords — over 7 billion — are freely available on the dark web. Hackers use these compromised credentials to try to log in to other digital services, such as home security cameras – and because 59% of people use the same password for most logins, attackers have found it to be fairly effective.

What is credential stuffing?

The tactic is known as credential stuffing, and automation tools are making it more efficient for hackers to quickly find vulnerable accounts.

Akamai, a content delivery and cloud service, detected 28 billion malicious login attempts from bots in the second half of 2018 – more than triple the number detected in the previous six months.

While financial services are a prime target, customers of Nest, Dunkin' Donuts, and OkCupid have fallen victim to credential stuffing.

How can I avoid becoming a victim of a credential stuffing attack?

  • Check if your information has been compromised. Visit to help determine if your account or password were part of a breach. If you haven’t already, change the password of any account that uses a password that’s been compromised.
  • Use a unique, strong password everywhere. A password manager can help generate these passwords for you. It stores them all in one encrypted location, and can automatically insert passwords when you log into sites.
  • Use Multi-Factor Authentication (MFA) when available. This allows access only after two or more pieces of evidence are presented – usually a password and a code that is sent to the user by phone, text or email during login.

In addition to hacking into users’ accounts, bad actors are increasingly using stolen credentials in extortion attempts.

It’s not uncommon to receive an email claiming to be from someone who used your credentials to hack into your computer. The email often includes your password as proof that they’ve broken into your account, and demands a ransom paid in Bitcoin.

How can I protect myself from extortion attempts?

The Federal Bureau of Investigation’s (FBI) Internet Crime Compliant Center (IC3) reported electronic extortion scams rose 242% to 51,146 reported crimes in 2018, with losses of $83 million. The IC3 provides some tips on how to protect yourself:

  • Do not open e-mail or attachments from unknown individuals.
  • Monitor your bank account statements regularly, as well as your credit report at least once a year for any fraudulent activity.
  • Do not communicate with unsolicited email senders.
  • Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
  • Use strong passwords and do not use the same password for multiple websites.
  • Never provide personal information of any sort via e-mail. Be aware that many e-mails requesting your personal information appear to be legitimate.
  • Ensure security settings for social media accounts are turned on and set at the highest level of protection.
  • When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.

New breaches are making headlines on a regular basis, and as long as people keep using the same passwords everywhere, attackers are likely to keep targeting this type of information.

No wants to be a victim of a cyber attack or cyber extortion, but you can protect yourself with State Farm’s® Identity Restoration Insurance.

The information in this article was obtained from various sources not associated with State Farm® (including State Farm Mutual Automobile Insurance Company and its subsidiaries and affiliates). While we believe it to be reliable and accurate, we do not warrant the accuracy or reliability of the information. State Farm is not responsible for, and does not endorse or approve, either implicitly or explicitly, the content of any third party sites that might be hyperlinked from this page. The information is not intended to replace manuals, instructions or information provided by a manufacturer or the advice of a qualified professional, or to affect coverage under any applicable insurance policy. These suggestions are not a complete list of every loss control measure. State Farm makes no guarantees of results from use of this information.

Also Important

Social Media Safety Tips to Protect Your Information

Social Media Safety Tips to Protect Your Information

With the popularity of social media continually growing, it’s important to proactively keep yourself safe and your account and information private and secure.

Protect Smartphone & Help Prevent Identity Theft

Protect Smartphone & Help Prevent Identity Theft

Simple tips, like locking your cell phone or other smart device, help prevent identity theft and your personal info from being stolen.

Related Articles

How to Help Protect Yourself From Data Breaches

How to Help Protect Yourself From Data Breaches

Data breaches are becoming more common. Here's what you can do to help protect yourself and prevent a hack.

Simple ways to bank online safely

Simple ways to bank online safely

Safe and secure online banking is more than just a strong password. These six tips can help you boost your online banking security.

Internet Safety Tips for Teens

Internet Safety Tips for Teens

Between identity theft, cyberbullying, stalking, and phishing scams, steer your teen away from Internet dangers with this guide to online safety.