Ways to prevent your account from being hacked
Data breaches and compromised accounts happen all too often. Find out what credential stuffing is and learn some tips to avoid your account getting hacked.
With the increasing number of online accounts, mobile apps and home security cameras, consumers should be aware of the potential risks that come with this convenient technology. Home security camera owners have reported unsettling incidents, from a voice on their camera falsely warning of a missile attack to hackers talking to their child through their camera speaker.
So how are hackers getting in? According to Digital Shadows, a growing list of breached credentials — around 24 billion — is available on the Dark Web. Hackers use these compromised credentials to try to log in to other digital services, such as home security cameras or even baby monitors — and because over 66% of people use the same password across multiple websites and accounts, attackers have found it to be fairly effective.
What is credential stuffing?
Cybercriminals attempt to log in and steal account information using a cyberattack method called credential stuffing — or password stuffing. The hacker uses a bot and a collection of compromised credentials from past data breaches, such as usernames and passwords, to inject the data into login forms. The bot is used for its automation and large scale to gain access to several accounts on various websites or mobile apps. These automation tools are making it more efficient for hackers to quickly find vulnerable accounts.
According to Akamai, a content delivery and cloud service, 193 billion login attempts were detected in 2020. While financial services are a prime target, customers of social media sites, online commerce and streaming platforms also experience this threat.
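For service operators, the pattern described above (one automated source trying many different accounts and mostly failing) can be spotted in login logs. The following is an added example, not part of the original article; the log format, thresholds and sample events are constructed assumptions, and the whole sample is treated as a single time window.

```python
from collections import defaultdict

# Constructed sample login events (not real data): "time source_ip username result"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-05-01T10:00:03Z 203.0.113.7 carol@example.com OK
2024-05-01T10:00:04Z 203.0.113.7 dave@example.com FAIL
2024-05-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2024-05-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2024-05-01T10:01:10Z 198.51.100.20 grace@example.com FAIL
2024-05-01T10:01:25Z 198.51.100.20 grace@example.com FAIL
2024-05-01T10:01:40Z 198.51.100.20 grace@example.com OK
2024-05-01T10:02:00Z 192.0.2.44 heidi@example.com OK
"""

def parse_events(log_text):
    """Yield (ip, username, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of aborting the run
        _, ip, user, result = parts
        yield ip, user.lower(), result == "OK"

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.7):
    """Flag sources that try many distinct accounts and mostly fail.

    A single user mistyping a password hits one account, so it is not flagged.
    Thresholds are illustrative assumptions; tune them to real traffic.
    """
    stats = defaultdict(lambda: {"users": set(), "attempts": 0,
                                 "failures": 0, "hits": set()})
    for ip, user, ok in parse_events(log_text):
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if ok:
            s["hits"].add(user)  # a reused password worked for this account
        else:
            s["failures"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {"distinct_users": len(s["users"]),
                           "fail_ratio": round(ratio, 2),
                           "accounts_to_reset": sorted(s["hits"])}
    return flagged
```

Accounts listed under `accounts_to_reset` had a successful login from a flagged source and should be treated as compromised until the password is changed.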
How can I avoid becoming a victim of a credential stuffing attack?
- Check if your credentials have been compromised. Visit haveibeenpwned.com to help determine if your account or password was part of a breach. If you haven't already, change the password of any account that uses a password that may have been compromised.
- Use a unique, strong password everywhere. Passwords should ideally be 12-15 characters and include a combination of uppercase letters, numbers and special characters. A password manager can help generate these passwords for you. It stores them all in one encrypted location, and can automatically insert passwords when you log into sites.
- Use Multi-Factor Authentication (MFA) when possible. This allows access only after two or more pieces of evidence are presented — usually a password and a generated code that is sent to the user by phone, text or email during login.
How can I protect myself from extortion attempts?
In addition to hacking into users' accounts, bad actors are increasingly using stolen credentials in extortion attempts. It's not uncommon to receive an email claiming to be from someone who used your credentials to hack into your computer. The email often includes your password as proof that they've broken into your account, and demands a ransom paid in Bitcoin.
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) reported 39,360 extortion scams in 2021, with losses totaling over $60 million. Here are some ways to help protect yourself:
- Do not open email or attachments from unknown individuals.
- Regularly monitor your bank account statements and credit report at least once a year for any fraudulent activity.
- Do not reply to unsolicited email senders.
- Do not store or share sensitive or embarrassing photos of yourself online or on your mobile devices.
- Use strong and complex passwords and do not use the same password for multiple websites.
- Never provide personal information of any sort via email. Be aware that many emails requesting your personal information appear to be legitimate.
- Ensure security settings for social media accounts are turned on and set at the highest level of protection.
- Verify the web address of legitimate websites by checking that the URL prefix includes https, or that the status bar displays a "lock" icon — and manually type the address into your browser.
New data breaches are making headlines on a regular basis, and as long as people keep using the same passwords across multiple websites and apps, attackers are likely to keep targeting this type of information.
No one wants to be a victim of a cyber attack or cyber extortion, but you can help protect yourself with State Farm® Identity Restoration Insurance.