"Credential stuffing" is a term used to describe a technique used by hackers to exploit stolen passwords to gain access to your online accounts. Here’s a primer on how it works and the one simple step you can take to protect yourself.
What is credential stuffing?
When customer data is stolen, in a cybersecurity breach or theft, information including usernames and passwords can be leaked or sold to other hackers.
These bad actors then use a technique called credential stuffing, whereby stolen login credentials are “stuffed” into a program that attempts to fraudulently log in to other sites, including your bank account. If you’re using the same login credentials across a number of websites, it’s as if fraudsters have a single key to unfasten multiple locks.
Banks invest heavily in cyber security to protect the financial system and the personal information of their customers from cyber threats. In the digital age, security is a shared responsibility. You can do your part by taking a simple step to protect against fraudsters from accessing your account – only use unique passwords or passphrases for your sensitive online accounts.
Tips for choosing a better password
If you reuse the same login credentials across multiple sites, hackers can use just that one piece of information about you to access a number of your accounts. So the best way to protect against credential stuffing is to develop a unique password for each of your online accounts, especially sensitive accounts like your bank account and your main email account.
Additional tips and information on good cyber hygiene practices can be found in the Canadian Bankers Association's Cyber Security Toolkit for consumers.