According to Atlas VPN investigation, hackers employ credential stuffing attacks on US citizens more than 87 million times per day.
Combining the number of credential stuffing attacks of nine other countries from the top 10 list accounts for 16.9 billion attacks. The analyzed period is 24 months, from December of 2017 to November of 2019.
Meaning, these countries received only 26.4% of attacks that the US did in the same time frame.
Rachel Welch, COO of Atlas VPN, shares her advice on how to protect yourself against credential stuffing attacks: “Individuals that wish to protect themselves from credential stuffing attacks should set up two-factor authentication whenever possible. When hackers discuss credential stuffing attacks on the dark web, they often complain that 2-factor authentication is the biggest roadblock to a successful cyber-attack.“
Credential stuffing economy
Together with the credentials, scammers that wish to abuse leaked credentials will have to order checker software. Advanced checkers even collect the exact information that is available in the account, such as credit card details and account balances. Checkers cost around $150
Also, to overcome rate-limiting, hackers will have to use proxies. Rate limiting is a cyber-security measure which blocks a large number of login attempts from a single IP address.
Proxies allow hackers to change their IP addresses, which overcomes this restriction. Proxy services cost around $250/week.