New York Attorney General Warns Businesses About Credential Stuffing Attacks

Lori Kalani, Bernard Nash
Cozen O'Connor
Contact
LinkedIn
Facebook
X
Send
Embed

Cozen O'Connor

  • New York AG Letitia James warned that more than 1.1 million online accounts were compromised in cyberattacks known as “credential stuffing attacks” at 17 well-known companies and released a guide with recommendations for how businesses can safeguard consumer accounts from such attacks.
  • According to the AG’s office, credential stuffing attacks involve the repeated and automated use of usernames and passwords stolen from online services in an effort to gain unauthorized access to online accounts at other, unrelated online services. Credential stuffing, which may involve the submission of millions of login attempts, is one of the most common forms of cyberattacks and the AG’s office warned that they are so prevalent as to be practically unavoidable.
  • The recommendations in the guide include implementing effective cybersecurity measures like deploying bot detection services, multi-factor authentication, and password-less authentication, requiring consumers to reenter information such as credit card numbers at each purchase, and preparing a written incident reporting plan that includes investigation, notification, and remediation protocols.
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cozen O'Connor | Attorney Advertising

Written by:

Cozen O'Connor
Cozen O'Connor
Contact
more
less

Cozen O'Connor on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide