![]() ![]() Today’s threat landscape features credential stuffing as a primary menace to every business in America: ![]() Successful credential stuffing attempts can directly lead to account takeover (ATO) and fraud. Credential Stuffing & Account Takeover (ATO) SPOTIFY PASSWORD RESET SUSPICIOUS ACTIVITY FULLBad actors find full credentials from the dark web or internet and then will attempt to access an account other sites where the exposed credentials may be valid. The main vulnerability is customer reuse of passwords across different accounts. This type of attack is difficult to defend against because organizations have a hard time discerning between legitimate customer usage and a bad actor gaining unauthorized access to the account. These incidents were made possible by credential stuffing-an attack methodology that utilizes stolen user names and passwords from one website, then uses them to access other web-based accounts. The attacks were invasive and the source of the attack vector is concerning. With articles coming out daily on new data breaches and leaks, perhaps you heard about the account takeover attacks at Basecamp, Dunkin Donuts, or TurboTax earlier this year. Five industries in particular are more at-risk for credential stuffing and account takeover (ATO) attacks. Updated with additional comment from TaskRabbit.All industries are targets for cyber-attacks, but some are more targeted due to the value of the accounts. It also said it would reduce the amount of data retained about taskers and customers as well as “enhance overall network cyber threat detection technology.”īrown-Philpot left TaskRabbit earlier this year, and the CEO role has since been filled by former Airbnb and Uber Eats leader, Ania Smith. Then-TaskRabbit CEO Stacy Brown-Philpot said the company had contracted with an outside forensics team to identify what customer information had been compromised by the attack, and urged both users and providers to stay vigilant in monitoring their own accounts for suspicious activity.įollowing the attack, the company said it was implementing several new security measures and would work on making the log-in process more secure. The year after the acquisition, however, TaskRabbit had to take its website and app down due to a “cybersecurity incident.” The company later revealed an attacker had gained unauthorized access to its systems. That eventually attracted the attention of furniture retailer IKEA, which bought the startup in September 2017 after TaskRabbit put itself on the market for a strategic buyer. TaskRabbit’s freelance labor marketplace was founded in 2008, and grew over time from an auction-style platform for negotiating tasks and errands to a more mature and tailored marketplace to match customers with contractors. StockX was hacked, exposing millions of customers’ data TechCrunch confirmed that the email was legitimate. TaskRabbit customers were alerted to the incident in a vague email that only noted their password had been recently changed “as a security precaution,” without saying what specifically prompted the account change. “As always, the safety and security of the TaskRabbit community is our priority, and we will continue to be vigilant about protecting our users’ personal information,” said the spokesperson. “We acted in an abundance of caution and reset passwords for many TaskRabbit accounts, including all users who had not logged in since May 1, 2020, as well as all users who logged in during the time period of the attack, even though most of the latter activity was attributable to users’ regular use of our services,” the spokesperson said. The company later confirmed it was a credential stuffing attack, where existing sets of exposed or breached usernames and passwords are matched against different websites to access accounts. The IKEA -owned online marketplace for on-demand labor said it reset user passwords out of an abundance of caution and that it “took steps to prevent access to any user accounts,” a TaskRabbit spokesperson told TechCrunch. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |