You may have seen the term "credential stuffing" in the news recently. Here’s a primer on how it works and the one simple step you can take to protect yourself.

What is credential stuffing?

When customer data is stolen, in a cybersecurity breach or theft, information including usernames and passwords can be leaked or sold to other hackers.

These bad actors then use a technique called credential stuffing, whereby stolen login credentials are “stuffed” into a program that attempts to fraudulently log in to other sites, including your bank account. If you’re using the same login credentials across a number of websites, it’s more likely that the fraudsters will be successful in accessing your accounts.

Banks invest heavily in cyber security to protect the financial system and the personal information of their customers from cyber threats. In the digital age, security is a shared responsibility. You can do your part by taking a simple step to protect against fraudsters from accessing your account – only use unique passwords or passphrases for your sensitive online accounts.

Tips for choosing a better password

If you reuse the same login credentials across multiple sites, hackers can use just that one piece of information about you to access a number of your accounts. So the best way to protect against credential stuffing is to develop a unique password for each of your online accounts, especially sensitive accounts like your bank account and your main email account. Additional tips and information on good cyber hygiene practices can be found on the Canadian Bankers Association website:

Staying safe online – a cyber hygiene primer

4 simple steps to protect yourself online

Uniquely Human: The future of Banking

Five guiding principles will drive the creation of the banking sector’s future workforce, ensuring banks have the right mix of human and digital capital to navigate the modern economy.

More Videos

Access to low interest credit could provide much needed COVID-19 financial support: CBA

How Canadians Bank

Protect Your Privacy and the Privacy of Others