Supermarket News | July 24, 2020 –Investigation cites ‘credential stuffing’ following reports of user account information being sold on ‘dark web’.
“I have been responsible for organizations that had similar attacks,” Capps said in an interview. “In those cases, they aren’t compromises of the systems themselves. They aren’t breaking into the firewall. They aren’t looking for vulnerabilities in the site. They are literally using stolen credential information that’s available on the Internet, and they’re using different techniques to validate those credentials across the Internet, including all major platforms, whether they’re banking, retail, online services or what have you. They’re looking for overlap between consumers using their password from one site that has been compromised and where it’s found in other places.”