Retailers top credential stuffing targets


By Dylan Bushell-Embling
Thursday, 28 February, 2019
Retailers top credential stuffing targets

Retailers have become the top target worldwide for credential stuffing attacks, involving the use of bots to try stolen login information across the web, according to Akamai’s latest State of the Internet – Security report (PDF).

Hackers attempted credential abuse at retail sites more than 10 billion times from May to December last year alone, the report found.

Attackers are using sophisticated all-in-one bots that allow them to target more than 120 retailers at once with stolen login credentials.

These bots are multifunction tools that often use a number of evasion techniques to avoid detection.

While the retail sector is the top target, media and entertainment properties are notable credential abuse victims as well, with attackers targeting them in an attempt to obtain the personal information registered on the sites. This type of data has high resale value on the black market.

The report also identified significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.

“The techniques change, but the motivation remains the same: greed,” commented Martin McKeay, Security Researcher and Editorial Director of the State of the Internet – Security report.

“Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: apparel sites are targeted the most.”

Meanwhile, the report also identified security concerns related to the growing preponderance of web traffic. Akamai research suggests that API calls represent 83% of web traffic, with the majority of traffic being for custom applications.

Because some security tools are not equipped to manage API traffic, this growth should be an important factor for security teams when considering risk.

Image credit: ©James Thew/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

Cloudflare adds post‍-‍quantum support to SASE platform

Cloudflare has progressed its mission of upgrading its product offerings to support...

ASD launches malware analysis tool on GitHub

ASD says its new open-source tool, Azul, will allow oganisations to explore, analyse and...

Akamai and NVIDIA develop OT security solution

Akamai and NVIDIA have jointly developed a solution for enabling zero trust security capabilities...

Content from other channels on our network

Making Australian data centres more sustainable

Exploring grid security in a high-renewables era

$39.5m boost for electrical training in Qld

Delivering switchboards for a major healthcare precinct

Hallett battery project launched in SA

Telstra, Ericsson and Qualcomm claim 5G uplink speed record

Belgian telco goes live with SaaS-based commercial 5G service

WBA publishes guidance on AI and ML for intelligent Wi-Fi

VIAVI launches caesium-less primary reference time clock

Motorola Solutions opens new R&D centre

Generating electricity using durable piezo-active nylon

What does 'flexibility' actually look like?

Light-powered optical modules boost AI efficiency

Next-gen polymer IR lens technology for thermal imaging

Red OLED microdisplay for energy-efficient AR/VR

  • All content Copyright © 2026 Westwick-Farrow Pty Ltd