You may have seen the term "credential stuffing" in the news recently. Here’s a primer on how it works and the one simple step you can take to protect yourself.
What is credential stuffing?
When customer data is stolen, in a cybersecurity breach or theft, information including usernames and passwords can be leaked or sold to other hackers.
These bad actors then use a technique called credential stuffing, whereby stolen login credentials are “stuffed” into a program that attempts to fraudulently log in to other sites, including your bank account. If you’re using the same login credentials across a number of websites, it’s more likely that the fraudsters will be successful in accessing your accounts.
Banks invest heavily in cyber security to protect the financial system and the personal information of their customers from cyber threats. In the digital age, security is a shared responsibility. You can do your part by taking a simple step to protect against fraudsters from accessing your account – only use unique passwords or passphrases for your sensitive online accounts.
Tips for choosing a better password
If you reuse the same login credentials across multiple sites, hackers can use just that one piece of information about you to access a number of your accounts. So the best way to protect against credential stuffing is to develop a unique password for each of your online accounts, especially sensitive accounts like your bank account and your main email account. Additional tips and information on good cyber hygiene practices can be found on the Canadian Bankers Association website:
Staying safe online – a cyber hygiene primer
4 simple steps to protect yourself online