This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
According to the FBI, hackers are hacking online accounts at grocery shops, restaurants, and food delivery services using credential stuffing attacks to empty customer cash through fake orders and obtain personal or financial details.
The warning comes from the agency’s Cyber Division, FBI Private Industry Notification issued last week to firms in the US food and agriculture fields. According to the agency, cybercriminal gangs are logging into customer accounts at grocery and food delivery services using username and password combinations stolen from other firms’ breaches, in the hopes that customers have repeated credentials across accounts.
Credential stuffing attacks use automated tools and proxy botnets to distribute the attacks across a wide range of IP addresses and obscure the attackers’ location. Due to billions of user credentials being exposed online, credential stuffing attacks have become prevalent across a wide number of trade verticals over the last decade. Most supermarket, restaurant, and food delivery accounts include a reward points program and generally retain payment card information, as a result, cybercriminals have been concentrating their efforts on these accounts in the last year.
Since July 2020, the FBI has received reports of multiple instances:
“As of February 2021, identified US-based food company suffered a credential stuffing attack that affected 303 accounts through customers’ emails. The cyber actors used six of the compr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: FBI: Credential Stuffing Attacks on Grocery and Food Delivery Services