BleepingComputer reports that Okta recorded more than 10 billion credential stuffing attempts during the first three months of 2022, accounting for 34% of overall authentication traffic.
Most of the credential stuffing events were observed in the U.S. and South East Asia, where credential stuffing traffic was consistently higher than normal login attempts during the first quarter of the year, the report showed.
The retail/eCommerce sector was most impacted by credential stuffing attacks, while organizations in the financial services, energy, education, and software sectors also experienced significant attack volumes. Outdoor recreation products firm The North Face was recently impacted by a credential stuffing attack that compromised nearly 200,000 online shop accounts.
Such attacks should prompt the adoption of more intensive security measures by online platforms. While implementing multi-factor authentication and strong passwords could avert credential stuffing attacks, social engineering tactics have since been leveraged by threat actors to evade MFA, as indicated by the recently reported MFA Fatigue attacks.