Skip to content
L2 Cyber Security Solutions
  • Home
  • Services
  • Prices
  • GDPR
  • Blog
  • Testimonials
  • About Us
  • Contact Us
L2 Cyber Security Solutions
  • Home
  • Services
  • Prices
  • GDPR
  • Blog
  • Testimonials
  • About Us
  • Contact Us

#WeekendWisdom 056 Credential Stuffing

November 27, 2020 | Comments Off on #WeekendWisdom 056 Credential Stuffing

Welcome to #WeekendWisdom number 56. This week we’re going to talk about credential stuffing.

https://www.l2cybersecurity.com/wp-content/uploads/2020/11/WeekendWisdom-056-lo.mp4

Where is this coming from?

I have introduced the www.HaveIBeenPwned.com service to a number of people recently. They have gone on to the website. They have typed in their email addresses and in some cases they have found that they have been included in data breaches. When they’ve gone to look and see what was breached, in a number of cases they had at least their email address and password for that service were included in the data breach.

Also check out previous #WeekendWisdom 014, #WeekendWisdom 015 and #WeekendWisdom 016.

Data breaches are bad. What should they do?

So they asked me “What should I do?”. The first thing of course is always, they must change their password on that service or site or whatever it was that was breached. Then I ask “Do you use that password anywhere else?” And they say “Yeah. I use it on multiple sites” or “It’s my favourite password. I use it everywhere.”

So I said “Well you’re going to have to change that password on all of these other platforms.”

They say “That’s going to be an awful lot of effort. Why should I worry?”

Why did you call this post Credential Stuffing?

You worry because of a thing called Credential Stuffing. What happens is that the bad guys, they take these data breaches, say from LinkedIn back in 2012. They take those email addresses and passwords that they have cracked and they try to sign into Facebook, into Twitter, into Microsoft 365, into Google G Suite, into Gmail and many, many other services. The criminals will try all of these things automatically.

They are stuffing credentials into services to be able to try and break in. That is what credential stuffing is all about. That is why you should not use the same password across multiple platforms and services.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.


How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.


Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

Posted in News and tagged #SecuritySimplified, #WeekendWisdom, Account Compromise, Account Takeover, Breach, Clare, Credential Stuffing, Cyber Security, Data Breach, HaveIBeenPwned, Limerick, Password, Password Reuse, Tipperary, Unique Password

The Ten Commandments

View our Ten Commandments of Cyber Security.

Recent Posts

  • ESB text message scam.
  • #WeekendWisdom 100 Something Completely Different
  • #WeekendWisdom 099 Using the security.txt file
  • #WeekendWisdom 098 Lessons from the Facebook Outage
  • #WeekendWisdom 097 Record Number of Zero Days

Search

Tags

#SecuritySimplified #WeekendWisdom Backups Best Practice Botnet Breach CEO Fraud Clare Commandments Covid-19 Covid19 CyberSecMonth Cyber Security Data Breach Data Privacy Data Protection Data Protection Commission DDOS Defence in Depth DPC Facebook Fake Fraud GDPR Internet of Things IoT Limerick LinkedIn Malware Microsoft Mobile Security Password Phishing Ransomware Scam Security Social Engineering Spear-Phishing Tipperary Training Two-Factor-Authentication USB Vulnerability Webinar Yahoo
© 2017-2023 L2 Cyber Security | Data Protection Notice
Scroll To Top