New York warns over a million users of top websites may have had data stolen

New York warns over a million users of meridian websites may have had data stolen

(Image credit: Raj N)

New York's lawmakers accept warned some of the summit online companies that customers may have had login information stolen, and urged them to notify those afflicted immediately.

The New York State Office of the Attorney General (NY OAG) notified 17 "well-known" companies that more a million of their customers accept had their accounts compromised in credential stuffing attacks. These include online retailers, restaurant chains, and food delivery services, although no specific names were revealed.

While conducting a "sweeping investigation" that lasted many months, OAG monitored multiple online forums where malicious actors shared valid login credentials stolen in previously unknown stuffing attacks.

Businesses' responsibility

"In all, the OAG collected credentials for more than one.1 million customer accounts, all of which appeared to have been compromised in credential stuffing attacks," OAG allegedly said.

"Post-obit discovery of the attacks, the Office of the Attorney General (OAG) alerted the relevant companies so that passwords could be reset and consumers could exist notified."

New York Attorney General Letitia James added that businesses have the responsibility to motion and protect their customers' online activities.

"We must do everything we tin can to protect consumers' personal information and their privacy," she concluded.

Credential stuffing is a type of cyberattack in which the attackers "stuff" the target service, such equally a social media platform, with millions of accounts stolen elsewhere (for example, if a east-retailer'south database gets infected with malware ). They are able to submit millions of credentials near instantly, thanks to automated solutions. The attacks are used to different ends, including identity theft, or even ransomware attacks.

The practice is extremely widespread, due to endless credentials circulating around the web, as well as the fact that many people often use the same login information (usernames, emails, also as passwords) across numerous services, as it's easier to call up and more than user-friendly to utilise. According to James, there are currently fifteen billion stolen credentials that circulate online.