< ciso
brief />
Tag Banner

All news with #credential stuffing tag

87 articles · page 3 of 5

Snail Mail Phishing Targets Trezor and Ledger Users

📬 Cybercriminals are mailing phishing letters impersonating Trezor and Ledger to trick hardware wallet owners into surrendering recovery phrases. The letters pressure recipients with deadlines for an Authentication Check or Transaction Check and instruct them to scan QR codes that lead to cloned setup pages. Those pages prompt entry of 24-, 20- or 12-word seed phrases, which are then sent to attacker-controlled servers, allowing funds to be stolen. Never share your recovery phrase; manufacturers will never ask for it.
read more →

Two Connecticut Men Indicted in $3M Online Gambling Fraud

🎰 Two Connecticut residents, Amitoj Kapoor and Siddharth Lillaney, were federally indicted on 45 counts alleging a wide-ranging identity theft and gambling fraud scheme that generated about $3 million in illicit profits. Prosecutors say the men bought PII for roughly 3,000 victims on darknet markets and Telegram, used background-check services to pass verifications, and opened fraudulent accounts on FanDuel, DraftKings and BetMGM. Winnings were routed through virtual stored-value cards and then moved into accounts controlled by the defendants. Both were released on $300,000 bonds; the charges remain allegations.
read more →

Massive Data Leak Exposes 149M Login Credentials Worldwide

🔒 Cybersecurity researcher Jeremiah Fowler uncovered a publicly accessible database containing 149 million login credentials, including usernames, plaintext passwords and direct login URLs. Affected accounts span major tech and streaming providers, with about 48 million Gmail entries, 17 million Facebook and 6.5 million Instagram records. Fowler attributes the collection to keyloggers and infostealer malware and warns the dataset enables automated credential-stuffing, targeted fraud and convincing phishing campaigns.
read more →

PcComponentes denies hacker claim of 16M customer breach

🔒 PcComponentes has denied claims by an online actor using the alias 'daghetiaw' that it stole personal data for 16.3 million people. Security platform Hackrisk.io reported the claim and a shared 500,000-line sample, while PcComponentes says there was no unauthorized access to its databases. The retailer attributes the activity to credential stuffing, stresses that raw payment card data were not stored, and says it has implemented measures to strengthen account protection.
read more →

PcComponentes denies 16M breach, cites credential stuffing

🔒 PcComponentes says it found no evidence of unauthorized access after investigating claims that a threat actor leaked a 16.3 million‑record customer dataset, but confirmed its platform was targeted in a credential stuffing campaign. The actor posted a 500,000‑record sample and offered the remainder for sale. The company asserts no payment details or passwords are stored and that only a small number of accounts showed exposure of personal data. PcComponentes has deployed CAPTCHA, mandated two‑factor authentication and invalidated active sessions.
read more →

Peruvian Loan Scam Harvests Card Details and PINs at Scale

🔒 A large-scale phishing campaign in Peru has used polished fake loan applications to collect valid card numbers, online banking passwords and 6-digit PINs, according to Group-IB. Active since 2024, the operation leverages targeted social media ads and roughly 370 domains, including 16 impersonating a major Peruvian bank. The flow deliberately breaks facial verification so victims are steered toward card entry, and card numbers are filtered with the Luhn check to ensure usability. Group-IB urges stronger customer education, multi-factor authentication and cross-industry intelligence sharing to counter the threat.
read more →

Old Habits Die Hard: 2025’s Most Common Passwords Worldwide

🔐 Two 2025 analyses by NordPass and Comparitech show that simple numeric strings like '123456' continue to dominate leaked password lists worldwide. Across 44 countries, 25% of the top 1,000 passwords are purely numeric, while predictable entries such as 'admin', '12345678' and '12345' remain widespread, including in the US and UK. Security advice is clear: change weak or reused passwords, use a reputable password manager, and enable two‑factor authentication or passkeys to reduce account takeover risk. Organizations should combine technical controls with user training to mitigate large‑scale exposure.
read more →

Illinois Man Charged for Phishing Snapchat Accounts

🔒 U.S. prosecutors charged an Illinois man with running a phishing operation that targeted nearly 600 women’s Snapchat accounts between May 2020 and February 2021. Kyle Svara allegedly used social engineering to collect emails, phone numbers, and usernames, then impersonated Snap representatives to request access codes and harvest credentials, ultimately accessing at least 59 accounts and downloading private images. He is accused of advertising hacking services on Reddit, directing accomplices to encrypted channels such as Kik, and selling or trading stolen content. Svara faces federal counts including aggravated identity theft, wire fraud, computer fraud, and making false statements related to child pornography, and is scheduled to appear in Boston federal court on February 4.
read more →

Credential stuffing: risks and protection advice today

🔐 Credential stuffing exploits reused login credentials harvested from breaches or captured by infostealer malware, then systematically automates login attempts across services. Attackers increasingly use bots, IP rotation and AI-assisted scripts to mimic human behavior and evade basic defenses, enabling stealthier and larger-scale attacks. Because it uses valid credentials, it often bypasses alarms that detect brute-force failures. Protect yourself with a password manager, enable 2FA/MFA, and monitor for exposed credentials.
read more →

Cloud file-sharing breaches selling corporate data

🔐 A threat actor known as Zestix is offering corporate data reportedly stolen from dozens of companies after breaching ShareFile, Nextcloud, and OwnCloud instances. Hudson Rock links initial access to credentials harvested by infostealers such as RedLine, Lumma, and Vidar, often delivered via malvertising or ClickFix campaigns. Many affected accounts lacked multi-factor authentication, enabling unauthorized access and large-scale data exfiltration.
read more →

LinkedIn Job Scams: Global Tactics and Local Impacts

🔎 This post summarizes a cross‑national pattern of LinkedIn job scams in which fake employers and recruiters extract money or credentials from prospective employees. Tactics vary by market: tech‑job baiting in India, referral‑style fraud in Kenya, fake formal roles in Mexico, and credential‑harvesting schemes in Nigeria. The author emphasizes these are employer‑side frauds and distinct from scams where attackers pose as employees to secure remote work.
read more →

LastPass 2022 Breach Enabled Years-Long Crypto Drains

🔐 TRM Labs says encrypted vault backups stolen in the 2022 LastPass breach have been incrementally cracked by attackers exploiting weak master passwords, resulting in cryptocurrency drains as recently as late 2025. The firm traces over $35 million in siphoned assets, much of it laundered through CoinJoin and Russian-linked exchanges. TRM highlights how demixing and operational analysis linked activity to Russia-associated infrastructure and warns users who did not rotate credentials remain at risk.
read more →

SEC Charges Crypto Firms Over $14M Investment Scam

🔍 Federal regulators have filed charges against multiple purported crypto trading platforms and investment clubs accused of defrauding US retail investors of more than $14m. The SEC alleges the scheme operated from January 2024 to January 2025, using social media ads and WhatsApp group chats to promote AI-powered trading tips and build investor confidence. Victims were directed to fund accounts on platforms including Morocoin Tech Corp., Berge Blockchain Technology Co. Ltd. and Cirkor Inc., where withdrawals were blocked and additional advance fees were requested.
read more →

Coordinated Fake Job Ads Target MENA Remote Workers

🔍 Group-IB has uncovered a coordinated campaign of professionally produced fake job ads targeting MENA remote workers, exploiting the region's shift to remote roles. Ads on Facebook, Instagram and TikTok impersonate banks, e-commerce platforms and government bodies, then move conversations to WhatsApp and Telegram to harvest personal and financial data. Scammers promise quick earnings, use localized language and currencies, and reuse scripts and fake sites to scale and evade detection. Individuals are advised to verify employers, avoid sharing sensitive information and report suspicious listings.
read more →

FBI Seizes Domain Hosting Stolen US Bank Credentials

🔒 The FBI has seized the domain web3adspanels.org and the backend database used to host thousands of stolen U.S. bank login credentials collected via phishing ads on Google and Bing. Authorities report confirmed financial losses of about $14.6 million and attempted losses near $28 million, affecting at least 19 victims including two companies in the Northern District of Georgia. The seizure, conducted with help from Estonian and other international partners, removed a server that was active as recently as November; no arrests have been announced.
read more →

Cybercriminals Recruiting Insiders in Finance, Telecom, Tech

🔒 Cyber criminals are increasingly recruiting insiders at banks, telecoms, and tech firms to obtain network and cloud access. Darknet adverts offer payouts ranging from $3,000 to $15,000 for account credentials or direct access, and threat actors target crypto exchanges, banks, and major cloud providers. Effective prevention requires employee education, enforced access controls, and active darknet monitoring.
read more →

Credential-based attacks target Cisco and Palo Alto VPNs

🔒 Security researchers observed a coordinated credential-stuffing campaign targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect portals over a two-day span in mid-December. GreyNoise reported millions of automated login sessions from more than 10,000 unique IPs, using a consistent TCP fingerprint and a Firefox-like user agent. The activity did not exploit software flaws but instead relied on large-scale username/password probes. Analysts urged enforcing strong passwords and MFA, auditing exposed edge devices, and leveraging threat-intel blocklists to filter malicious traffic.
read more →

Third Defendant Pleads Guilty in Fantasy Betting Hack

🔒 Nathan Austad, 21, pleaded guilty to conspiring to commit computer intrusion after participating in a credential stuffing campaign that compromised more than 60,000 user accounts on a fantasy sports betting site in November 2022. Prosecutors say attackers added payment methods, drained balances and sold account access on online marketplaces; roughly $600,000 was stolen from about 1,600 victims. Investigators say Austad ran an online shop and controlled cryptocurrency wallets that received approximately $465,000 in proceeds. He acknowledged awareness of an active investigation and faces up to five years in prison, with sentencing scheduled for April 10, 2026.
read more →

Preparing Retailers for Holiday Credential Threats

🔒 Retailers face concentrated credential risk during holiday peaks as bot-driven fraud, credential stuffing and pre-staged automated attacks target logins, payment tokens and loyalty balances. Effective defenses combine adaptive MFA, bot management, rate limiting and credential-stuffing detection to stop automation without harming checkout conversion. Strong controls for staff and third parties, plus tested failovers and tools like Specops Password Policy to block compromised passwords, reduce blast radius and protect revenue.
read more →

Phishing, Privileges and Passwords: Identity Risk Guide

🔒Identity-focused attacks are driving major breaches across industries, with recent vishing incidents at M&S and Co-op enabling ransomware intrusions and combined losses exceeding £500 million. Attackers harvest credentials via infostealers, targeted phishing/smishing/vishing, breached password stores and automated attacks like credential stuffing. Implement least privilege, strong unique passwords in managers, MFA (authenticator apps or passkeys), PAM and automated identity lifecycle controls to limit blast radius.
read more →