This formidable technique explains the explosion of cyberattacks in France

© Shutterstock/VRVIRUS

Free, SFR, Boulanger, Auchan, Picard, and Truffaut and Direct Assurance, data thefts have exploded in recent months in France. While each case is of course different, one tactic seems to have been favored by hackers: “credential stuffing.” Here's how it works.

An effective method

In concrete terms, malicious actors will use identifiers (usernames, email addresses, passwords, etc.) that were previously stolen from a service. It must be said that many users reproduce the same passwords on different platforms, so this technique often proves profitable.

This method has clearly proven itself, as Benoit Grunemwald, the director of public affairs at ESET France, explained to our colleagues at 01Net :

After a data breach, cybercriminals collect thousands of emails and use automated programs to test them on multiple sites. A single, reused password becomes a backdoor into your entire digital life, especially if that access opens your email. This makes it possible to reset passwords easily.

200% Deposit Bonus up to €3,000 180% First Deposit Bonus up to $20,000

Of course, cybercriminals don’t do this by hand, as it would take too much time. They automate the process using scripts and bots that can test a huge number of combinations and services in a very short time.

01Netcites the example of the cyberattack that recently targeted Picard. Using Credential Stuffing, hackers managed to steal the personal data of 45,000 customers who were members of the brand's loyalty program. The same process was used during the intrusion of the Family Allowance Fund (CAF) last August.

How to better protect yourself?

Faced with this now very real risk, it is important to adopt the right reflexes. The most important thing is to vary your passwords to avoid making the task easier for cybercriminals.

It is clear that this task is not always easy. To help you, you can use password managers. We have also put together a guide that lists the main offers on the market.

Another option not to be overlooked: two-factor authentication. Indeed, in the case of credential stuffing attacks, if you have activated this tool, you will be immediately notified of the attempted intrusion and will be able to act accordingly.

Finally, and if you have any suspicions, do not hesitate to visit the HaveIbeenPwned website. By entering your email, you will see if your credentials have been compromised in a known data breach.

📍 To not miss any Presse-citron news, follow us on Google News and WhatsApp.

[ ]