Attackers are targeting loyalty programs with credential stuffing attacks, according to a report by Akamai. The cybercriminals are selling account access, points, and other rewards stolen from loyalty programs on the dark web. Between July 2018 and June 2020, Akamai recorded more than 100 billion credential stuffing attacks, with more than 63 billion of them targeted at retail, travel, and hospitality industries that rely on loyalty programs to retain customers.
More from Akamai:
- Using credentials stuffing attacks, cybercriminals are able to exploit stolen usernames and passwords from one organization to breach other sites.
- Loyalty programs are easy targets because many people don't see them as high risk and tend to reuse usernames and passwords for those accounts.
- Attackers are also targeting retail, travel, and hospitality industries with SQL injection and local file inclusion attacks.