Recently, there have been two high-profile customer data breaches in the news that are examples of credential cracking and credential stuffing: on November 9th at Dell Computers and on October 31st at Dunkin Donuts. The Dunkin Donuts incident required all DD Perks members to change their passwords. Let’s dig a little deeper and look at the significance of these data breaches and what hackers are busy doing these days.
Credential cracking has been around for a while. Using a software application that runs automated tasks over the Internet (a.k.a., a bot), a hacker takes a list of user accounts (without passwords) and by deploying a brute force attack, continues to try various word combinations to unlock the password associated with that account. Once the password has been obtained (or “cracked”), the hacker can easily change the password so that the original user no longer has access. Since many people use the same password across numerous accounts, a practice known as credential stuffing, the hacker then attempts to crack additional accounts using the same password.
Many of us have had the experience in which we’ve tried to log in to a previously available site and found that our credentials no longer work. This is a very popular hacker tactic to use on Gmail and Yahoo email accounts since the usernames are so readily available. This hijacking of our accounts is not only frustrating but also costly.
Newer hacking software tools are both inexpensive and readily available, enabling hackers to apply all of the username and password combinations they have discovered to launching new attacks on multiple sites. These sites include banks, department stores, utilities, and online commerce platforms, which generally store sensitive information such as bank account and credit card numbers.
In a few cases, hackers who have discovered multiple username and password combinations for a particular site will attempt to use the information to convince the site that they have been hacked and extort money in exchange for deleting the data they acquired. Now when a site does get hacked and multiple credentials are acquired, credential stuffing activity picks up dramatically as hackers try to find other accounts and sites using that same login/password combination.
If you are diligent about your online security and you do not ever reuse a password, then credential stuffing could never work against you. Unfortunately, according to one recent survey, 81% of users have reused a password across two or more sites, and 25% of users employ the same password across a majority of their accounts. Juggling and recalling numerous passwords for all your accounts may seem arduous, but there are numerous password apps and software available to help you manage this necessary function. The conclusion is obvious: don’t use the same password across multiple sites or you will make yourself vulnerable to hackers and their credential stuffing campaigns.
If you have concerns about the security of your business data or about the password security of your employees, please give us a call.
Nick Eckman joined NetCenergy in 2016 from an international gaming company. Nick’s experience with supervising and implementing secure, fiber and copper wire infrastructure services provides our clients with a team of highly trained and experienced technicians. In addition to the skills required to manage our infrastructure services department, Nick brings a very experienced and focused approach to project management and is a stickler for accurate documentation for every project designed and built by his team.
Peter Lachapelle joined NetCenergy in 2015 and is responsible for leading all of NetCenergy’s operations and accounting functions. Each department within NetCenergy reports through Lachapelle. He brings his years of experience to maintain a pragmatic, efficient, client-focused team at NetCenergy. Lachapelle joined NetCenergy after completing a 27-year career with a Rhode Island, federally-charted bank which culminated in his senior management position as COO and CFO for the bank.
Peter Nelson has 25+ years of technology and management experience and has been with NetCenergy since inception. Peter serves as the VP of Engineering at NetCenergy. His role consists of managing the engineering staff, driving the companies technology strategy, and ensuring NetCenergy keeps up to date on new technologies and solutions.
As a Founding Partner, Dan is a result oriented individual who is always focusing on what is best for his client. He understands that business applications empower an organization and that technology must support those critical business applications. Dan’s technology career started in 1990 at EMC Corporation. Through the years, he has represented technology and consulting services for several organizations until 2003, when he and Don Nokes founded NetCenergy.
As President of NetCenergy, Don is responsible for ensuring client satisfaction, overseeing overall performance, and for providing direction to the organization. Prior to co-founding the firm with Dan Charland, Don held senior leadership positions with IT service firms ranging in size from $3 Billion to $10 Million in annual sales.
With decades of hands-on HR experience, Margery Ahearn is our Director of Human Resources, overseeing all hiring of new positions for NetCenergy with a careful eye on sourcing technology savvy engineers and skilled office-based professionals who fit our company culture, understand our commitment to our clients, and bring their time and talents to our team. Margery has both a BA and MBA in Business Administration from Southern New Hampshire University.