So far in 2024, many major companies have fallen victim to credential stuffing attacks. Notable victims include Roku, Okta, General Motors and Levi’s. Credential stuffing attacks occur when a cybercriminal uses stolen login credentials to attempt to log in to multiple accounts simultaneously. Since many people reuse their passwords, cybercriminals can use stolen credentials to sign in to many accounts, compromising employee, customer and organizational data.
Continue reading to learn more about each of these major credential stuffing attacks and how your company can stay protected from them.
Roku
Roku first announced it had suffered a credential stuffing attack in March 2024, but on April 12, 2024, the technology company and streaming service became the victim of a second attack. A total of 591,000 customer accounts were impacted by these two credential stuffing attacks. In the first attack, approximately 15,000 accounts were hacked using login credentials stolen from an unrelated third-party source. The second attack, in April 2024, impacted the remaining 576,000 accounts. In both attacks, hackers were unable to gain access to credit card numbers or other sensitive information. However, hackers logged in to almost 400 of the accounts and made unauthorized purchases of streaming subscriptions and other Roku products.
As a result of the credential stuffing attacks, Roku reset the passwords for all 591,000 accounts and reversed the fraudulent charges made on the 400 accounts. The company also enabled Two-Factor Authentication (2FA) on all Roku accounts, regardless of whether they were affected by the credential stuffing attacks. When Roku notified customers of these attacks, the company also advised everyone to create a strong and random password for their Roku account and monitor their account for suspicious activity.
Okta
On April 15, 2024, Okta noticed suspicious activity related to its cross-origin authentication feature, which had become susceptible to credential stuffing attacks. Unfortunately, this attack targeted Okta’s Customer Identity Cloud (CIC) authentication, and an unknown number of customers were affected as a result. Okta found several attempts by cybercriminals to access multiple endpoints to sign in to services with compromised login credentials. The cloud software and IT service company notified customers who had the cross-origin authentication feature enabled that their login credentials were compromised in the attack. Following this credential stuffing attack, Okta gave detailed guidance for how affected customers could mitigate the attack’s effects and prevent further compromises. One part of Okta’s guidance was to start using passkeys for a more secure login experience.
General Motors
Another company that fell victim to a credential stuffing attack in 2024 was General Motors (GM). On May 24, 2024, the automobile manufacturing company discovered that an unauthorized party accessed 65 GM customer accounts to buy GM accessories and products. GM believes an unrelated data leak provided cybercriminals with various login credentials that they used for the credential stuffing attack. In addition to making purchases on customers’ accounts, cybercriminals most likely accessed the names, phone numbers and home addresses of affected GM customers. Any accounts used by the cybercriminals were reimbursed for the fraudulent payments.
GM required all 65 impacted accounts to reset their passwords and enable Multi-Factor Authentication (MFA). The company also reported this cyber attack to law enforcement in hopes of finding the cybercriminals responsible.
Levi’s
On June 13, 2024, Levi’s identified a credential stuffing attack after the clothing company noticed an unusual spike in website activity. Over 72,000 customer accounts were compromised when cybercriminals obtained login credentials from a third party or data breach, then used bots to launch credential stuffing attacks on Levi’s website. The same day, Levi’s took quick action by forcing all affected accounts to reset their passwords. Levi’s warned its impacted customers that the cybercriminals may have been able to view their order history, name, email address, home address and partial credit card information. The company also strongly suggested that all affected customers verify the personal information on their accounts and change their password to a strong and unique one.
Stay protected against credential stuffing attacks
You can stay protected from credential stuffing attacks by investing in a password manager like Keeper®. A password manager ensures that your passwords are secure in an encrypted, digital vault. With a business password manager, you can even require all your employees to use MFA to log in to their accounts. Using a password manager, whether you’re an individual or business, will prevent cybercriminals from gaining access to your information through credential stuffing attacks. You can also invest in an add-on called BreachWatch, which will notify you in real time if your passwords were compromised or are found on the dark web.
Start your free 30-day trial of Keeper Password Manager or free 14-day trial of Keeper Business today to make sure you are using strong passwords and storing them securely.