Why is ATO Growing? Nearly 3 Billion Stolen Logins on Sale in 2019

February 14, 2019

Whether it is a cause or an effect, the beginning of 2019 illustrates why credential stuffing and the resulting account takeover attacks have become such a problem for e-commerce merchants, banks, telcos and others. In the middle of January, an enormous cache of login credentials (called Collection #1), stolen in various breaches over a number of years, was packaged and put up for sale on the Dark Web. Since that time, Collections #2 through #5 have also been posted on dark sites, purportedly offering in excess of 2.2 billion unique credentials in total. This week the news got worse.

Security publication The Register confirmed that 620 million username/password combinations, amassed from breaches that occurred in 2017 and 2018 at organizations including Armor Games, Dubsmash, MyFitnessPal and Whitepages, are now for sale in their own collection. According to the publication, the passwords are encrypted.

The automation of credential stuffing using scripted bot attacks has made validating good username/password combos very easy for fraudsters. Once credentials are validated at sites with a linked payment method, bad actors can have unfettered access to online accounts, and monetizing the information can happen very quickly in any number of ways.

DJ Murphy