Credential Stuffing Attacks Take Online Retailers By Storm

  • By Megha Mittal
  • Published on 20 July 2018

Hackers account for 90% of login attempts at online retailer sites.

Hackers are driving a big underworld business selling stolen personal data on the dark web. Cybercriminals buy this information to log into websites where they can grab valuables such as cash, airline points or merchandise.

According to a report by Shape Security, "Hackers account for 90% of e-commerce sites' global login traffic." Hackers use a technique called "credential stuffing," in which programs submit stolen credentials in a flood of login attempts. The attacks are successful as often as 3% of the time, with the costs quickly adding up to $6 billion per year for e-commerce businesses, while the consumer banking industry loses about $1.7 billion annually.

The hackers start the "credential stuffing" process by breaking into a database and stealing the login information. Some of the best-known "data spills" took place at Equifax and Yahoo, but they happen quite a bit more often. According to data collected by Shape Security, there were 51 reported breaches last year, compromising 2.3 billion credentials.
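The flood of login attempts described above leaves a recognizable shape in authentication logs: one source trying many different accounts with a low success rate. The following is an added example, not code from the original article or from any product it mentions; the log format, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample log: "<epoch> <source-ip> <username> <OK|FAIL>"
# (documentation IP ranges; not real traffic)
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 user{i:03d} {'OK' if i % 40 == 0 else 'FAIL'}"
     for i in range(120)]
    + ["1005 198.51.100.20 alice FAIL", "1012 198.51.100.20 alice FAIL",
       "1030 198.51.100.20 alice OK", "1050 192.0.2.55 bob OK"]
)

def parse(log_text):
    """Yield (timestamp, ip, user, success) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or parts[3] not in ("OK", "FAIL"):
            continue
        yield int(parts[0]), parts[1], parts[2], parts[3] == "OK"

def find_stuffing_sources(log_text, window=300, min_accounts=50, max_success_rate=0.05):
    """Flag sources that try many distinct accounts within `window` seconds
    while succeeding rarely. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            accounts = {user for _, user, _ in win}
            rate = sum(ok for _, _, ok in win) / len(win)
            if len(accounts) >= min_accounts and rate <= max_success_rate:
                flagged[ip] = {"attempts": len(win), "accounts": len(accounts),
                               "success_rate": round(rate, 3)}
                break  # one alert per source is enough
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

A user who mistypes a password a few times touches only one account and is not flagged. Grouping by source IP is only one choice of key; the same windowed count can be keyed on network range or client fingerprint.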

What is the best way to stop these Credential Stuffing Attacks?

By changing your passwords? Do you think a password-changing policy will help? Users are advised to change their passwords, but how often can they change them? Every 3 months? It can take a hacker less than a day, not months, to crack any password.

Your passwords should be changed every day and every hour to a complex computer-generated password.

But how is this possible? By using a cybersecurity solution - LoginCat.

LoginCat is the right solution to prevent such attacks.


  • LoginCat will automatically change the passwords every hour. So even if hackers manage to find the login details, we need not worry.
  • The new passwords generated are very complicated and hard to crack.
  • Not even users are aware of the constantly changing passwords, as LoginCat logs them into the end system.
  • LoginCat eliminates User IDs, so there will be no hack target.
  • LoginCat exclusively uses passphrases instead of passwords, which are next to impossible to crack.
  • LoginCat’s AI-based security algorithms will analyze incoming login attempts and ban hackers.
  • When hacked, LoginCat will either lock out the attackers automatically by changing the credential or immediately detect the hack, either way preventing the damage.