According to Atlas VPN investigation, hackers carry out 87 million credential stuffing attacks on US citizens daily.
Credential stuffing is a cyber-attack where fraudsters use large numbers of stolen credentials to log into individuals’ or companies’ accounts. This cyber-attack type is on the rise due to the high number of data breaches in the past years.
Such attacks can cause substantial monetary losses. For individuals, the biggest monetary damages occur when hackers access accounts containing a lot of personal information, which can lead to identity theft.
The easiest way for fraudsters to steal money is to obtain access to an account which contains credit card or other payment details from services such as PayPal, eBay, and Amazon.
To gain insight into the number of credential stuffing attacks and the most attacked countries, we have analyzed 24 months (from December 1, 2017, to November 30, 2019) of credential stuffing attacks.
Looking at the data, it is apparent that the US is by far the largest victim of credential stuffing attacks globally. In the US, the number of attacks averages over 87 million attacks per day or 3.6 million attacks per hour.
In part, this is due to a large number of leaked records in the United States.
Combining the number of credential stuffing attacks of the other nine countries accounts for 16.9 billion attacks. Meaning, these countries combined received only 26.4% of attacks that the US did in the same time frame.
Research shows that out of all possible cyberattacks, such as phishing, malware, DDoS, man-in-the-middle-attacks, and others, credential stuffing accounts for 44% of attacks on financial services. The reason being, hacking a financial institution or service would result in huge monetary gains for fraudsters.