I can’t think of a more out-of-left-field story to cover than that of hackers using stolen credentials to buy fancy cheese, yet here we are. In an article for Quartz, written in 2018 by John Detrixhe, we learn what affects the world of database breaches has had. This article specifically covers the e-commerce end of hacking, and lightly touches upon some of the end results that these hacks have.
In the article, Detrixhe discusses how a security firm analyzed login attempts for various sites, and found that “more than 90% of e-commerce sites’ global login traffic comes from” hacked data. That is an outlandishly high number, but it seems even more unsettling when they go on to mention that nearly sixty percent of logins for banks are from “credential stuffing” as well. Credential stuffing is when hackers blast as many sites as they can with login attempts using stolen emails, usernames, and passwords. Credential stuffing may stagnate, with only a one percent growth in data breaches in 2016, but of course the danger always looms.
Most interesting is what these hackers are using the stolen credentials for. In one popular case, the hackers used the logins to purchase incredibly expensive cheese (yes, the food) and sell it for cash to high-end restaurants. Alongside the existential threat of above-board cheese purchase, the article also mentions how airlines will many times purchase airline miles that were stolen through credential stuffing. While the airline theft sounds more nefarious, the end result is that thieves have access to billions of login credentials, thanks to breaches such as the one that occurred at Equifax. This is where the hacking all starts to break down for me. The most fascinating part of cyber security is analyzing the end game for these criminals. I think it would be far harder to trace down and capture criminals on the cheese market than it would be to find who is supplying fraudelent airline miles, if only because the former is innocuous.
Despite how cute it sounds that criminals have a hankering for gourmet cheese, the reality is that data breaches pose a serious threat. It is becoming more and more clear that many companies don’t employ even the most basic encryption of their user’s data. Fortunately, these companies get slammed online, and word spreads, forcing their hand to better protect the data on their servers. While it is relatively common for people to just reuse the same or similar passwords for all logins, there also seems to be decay there as well, with more attention being drawn to not just how common these breaches are, but how far spread they reach. It is of course unfortunate that there had to be sacrifice, but at this point its suffice to say we are learning.
Source Article: https://qz.com/1329961/hackers-account-for-90-of-login-attempts-at-online-retailers/?utm_source=reddit.com
Social Structures & Algorithms 