Simultaneous Infiltration Attempts or Credential Stuffing

Why is it a bad idea to have one very complex password for all your accounts? After all, if it’s very strong, contains 8 upper and 6 lower case letters, 5 numbers and 7 special characters, it’s impossible for anyone to steal it, right?

If we lived in a world without data leaks and hackers, maybe life would be easier, yes. Unfortunately, there are very few people whose personal data has never been stolen and cybercriminals are not lacking in imagination when it comes to committing their crimes. Hackers will use a method called “simultaneous infiltration attempts” to try to access all of a person’s accounts at once. The equivalent of winning the lottery when they succeed!

How simultaneous infiltration attempts work

Fraudsters are well aware that, with the increasing number of usernames and passwords consumers are asked to create to access different websites, consumers will be tempted to reuse the same digital identifiers. Human memory has its limits after all…

As evidenced by the numerous newspaper articles that now appear on an almost monthly basis, more and more companies and organizations are falling victim to data leaks. While some leaks are the result of an internal action, the majority are the result of security breaches discovered by cybercriminals in an organization’s network. Once in their possession, this personal data is then distributed on the Internet or sold on the Dark Web. In turn, hackers will use it to try to access many sites.

They load it into a computer program that simultaneously tries to log in to a multitude of sites, including banking sites, in order to access customer accounts. It is estimated that 0.1 to 0.2% of login attempts are successful, allowing the hacker to take over the account corresponding to the stolen credentials. So, if the same digital credentials are used for multiple websites, it’s a safe bet that cybercriminals will have access to whatever they want. This process rarely involves a single individual; rather, criminal groups will use automation to conduct attacks on millions of websites and personal computers.

While companies and organizations, who are responsible for protecting the personal data you entrust to them, are investing significant amounts of money in cybersecurity, the fact remains that every individual also has an active role to play in preventing these simultaneous infiltration attempts.
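Seen from the side of a site operator, the pattern described above (one automated source, many different usernames, almost every attempt failing) is what a login log reveals. The following is an added example, not code from the original article: the log format, the thresholds, the addresses (documentation ranges) and the single-source assumption are all constructed for illustration.

```python
"""Flag sources whose login traffic looks like credential stuffing."""
from collections import defaultdict

def parse(line):
    """Parse 'timestamp source_ip username result' (a constructed log format)."""
    _ts, ip, user, result = line.split()
    return ip, user, result == "OK"

def summarize(lines):
    """Aggregate attempts, distinct usernames and opened accounts per source."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "hits": set()})
    for line in lines:
        ip, user, ok = parse(line)
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)
    return stats

def find_stuffing(lines, min_users=50, max_success_rate=0.02):
    """Return {source: accounts it opened} for suspicious sources.

    A source is suspicious when it tries many distinct usernames and nearly
    all attempts fail. Both thresholds are illustrative assumptions.
    """
    flagged = {}
    for ip, s in summarize(lines).items():
        rate = len(s["hits"]) / s["attempts"]  # opened accounts per attempt
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = sorted(s["hits"])
    return flagged

def sample_log():
    """Constructed events: one automated source plus ordinary customers."""
    lines = []
    for i in range(1000):  # 1000 leaked pairs replayed, 2 still valid (0.2%)
        result = "OK" if i in (137, 642) else "FAIL"
        lines.append(f"2024-01-01T00:00:00Z 203.0.113.7 user{i:04d} {result}")
    # An ordinary customer who mistypes a password twice, then gets in.
    for result in ("FAIL", "FAIL", "OK"):
        lines.append(f"2024-01-01T00:05:00Z 198.51.100.20 alice {result}")
    lines.append("2024-01-01T00:06:00Z 198.51.100.21 bob OK")
    return lines

if __name__ == "__main__":
    for ip, accounts in find_stuffing(sample_log()).items():
        print(f"{ip}: likely credential stuffing; reset and review {accounts}")
```

The accounts returned for a flagged source are the small fraction of logins that succeeded, which are the ones that need a forced password reset and a review of recent activity.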

How to protect yourself against simultaneous infiltration attempts

As we’ve seen, all it takes is one data leak to make digital credentials available to cybercriminals. If consumers use the same username and password for multiple sites, no matter how complex, hackers will only have one combination to use to gain access.

The safest way to protect against simultaneous infiltration attempts is to practice “cyber hygiene”. Just as we practice sanitary hygiene to protect ourselves from endemic and pandemic viruses, we must also practice online computer hygiene to protect ourselves from computer viruses.

Practice cyber hygiene

Use a password manager: it can generate a unique digital identifier for each site and store it at the same time.
Change all passwords regularly. Yes, even if they are very complex and generated by a password manager.
Protect every electronic device – computer, cell phone, tablet, Wi-Fi, etc. – with comprehensive antivirus and VPN software, and be wary of phishing attempts.
Enable two-factor authentication when available.
Never share personal information.

If you think these steps seem like a pain, just think of all the time, money and hassle involved in a cyberattack and identity theft. Let’s be responsible: together, let’s practice cyber hygiene!


© 2024
AIKI Secure
