Attorney General Letitia James said in an announcement on Wednesday, Jan. 5, that the "Credential Stuffing Attacks" involve repeated, automated attempts to access accounts by using information stolen from other websites.
James said often people reuse the same passwords on different sites, which allows cybercriminals to use stolen passwords on other websites.
“Right now, there are more than 15 billion stolen credentials being circulated across the internet, as users’ personal information stand in jeopardy,” James said. “Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers’ personal information and their privacy.”
The 17 companies that were found to be impacted by the attacks during the investigation were well-known online retailers, food delivery services and restaurant chains, James said.
She said the companies have been notified and have all taken steps to protect customers who were impacted.
The Attorney General's Office also released a guide explaining how businesses can protect themselves from these attacks.
Click here to follow Daily Voice Greenburgh and receive free news updates.