Recent Headlines

Press Inquiries:
Most Login Attempts are Criminal
July 31, 2018 / Ania Lichtarowicz, BBC

BBC talks with Shape Security CTO Shuman Ghosemajumder to dig deeper into the data behind cybercrime.

Credential Spills Fuel Account Takeover Threats
July 30, 2018 / Roy Urrico, Credit Union Times

“Credential stuffing attacks burden an IT, security, fraud, and customer service department in different ways.”

What Hackers are Doing with YOUR Passwords
July 22, 2018 / Cyber Security News

“Credential stuffing is when hackers fill a database with as many passwords and usernames they can find and feed them into an automated hackers’ tool that pounds away at a specified website.”

Hackers Fingered in About 90% of Attempts at Login on E-Commerce Websites
July 20, 2018 / Ali Raza, Koddos

“It is statistically proven that an average of about 90% of all login attempts upon e-commerce websites are aimed at credential stuffing.”

Hackers account for 90% of login attempts at online retailers
July 20, 2018 / E Hacking News

“Selling stolen personal data is a big business for hackers. Somewhere on the dark web, your e-mail address and a few passwords are probably for sale.”

If you shopped at these 15 stores in the last year, your data might have been stolen
July 20, 2018 / Dennis Green and Mary Hanbury, Business Insider

“At least 15 separate security breaches occurred at retailers from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores.”

Here's What Hackers Do With All Your Stolen Passwords
July 20, 2018 / Lee Mathews, Forbes

“At least 15 separate security breaches occurred at retailers from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores.”

2.3B credentials were stolen in 2017: These industries suffered the most
July 19, 2018 / ThreatBrief

“In 2017, some 2.3 billion account credentials were stolen because of 51 independent credential spill incidents.”

You won’t believe how many e-commerce login attempts are made by hackers.
July 19, 2018 / Ed Hardy, Cult of Mac

“Go to your Amazon, Zappos, etc. account now and change the password to something stronger. That’s the takeaway from a cyber security firm’s report that says a whopping 91 percent of all attempts to log into e-commerce websites are from hackers.”

ThreatList: Sizing Up The Scourge of Credential-Stuffing
July 19, 2018 / Tom Spring, Threatpost

“Over two billion credentials were stolen in 2017 and contributed to the complex problem of credential spills, credential stuffing and account takeover fraud.”

Most retail site traffic aims to steal accounts
July 19, 2018 / Joe Uchill, Axios

“The criminals that go into your Amazon account and buy stuff are typically not the guys who stole your password. They're at the end of a long chain of bad guys.”

Inside look at lifecycle of stolen credentials and extent of data breach damage
July 19, 2018 / Help Net Security

“Shape Security’s report found that an average of 15 months elapsed between the day credentials were compromised and the day the spill was reported by an organization. This is the most dangerous window of time...”

Web Forums, Social Media Targets for Credentials
July 18, 2018 / Kacy Zurkus, Info Security

“Web forums were the greatest targets for credential spills during 2017, which saw more than 2.3 billion credentials from 51 different organizations reportedly stolen, according to a new report from Shape Security.”

2.3B credentials were stolen in 2017: These industries suffered the most
July 18, 2018 / Macy Bayern, TechRepublic

“Shape Security's 2018 Credential Spill Report reveals the severity of data breaches and offers insight to the lifespan of stolen information.”

Hackers account for 90% of login attempts at online retailers
July 18, 2018 / John Detrixhe, Quartz

“Online retailers are hit the most by these attacks, according to a report by cyber security firm Shape Security. Hackers use programs to apply stolen data in a flood of login attempts, called credential stuffing.”

Hackers Targeting Online Retailers Can Cost Businesses Billions Of Dollars
July 18, 2018 / Erin Corbett, Fortune

“A new study by cyber security firm Shape Security found that more than 90% of the login traffic of online retailers actually comes from hackers using stolen login data.”

What you need to know about your browser's digital fingerprints
June 5, 2018 / Rob Verger, Popular Science

“Fingerprinting is just little bits of data that lead up to something specific,” says Jarrod Overson, the director of engineering at Shape Security, a cybersecurity company. “And it gets to be problematic when those data bits end up leading to individual people.”

Why GDPR is good for security and the economy
May 23, 2018 / Sumit Agarwal, The Parallax

“GDPR’s effects will reach far beyond consumer privacy. Companies seeking to avoid the regulation’s stiff penalties will soon see—if they haven’t already—that security is the core issue.”

Damage from Saks, Lord & Taylor Breach Still Difficult to Assess
April 2, 2018 / Steve Rosenbush, The Wall Street Journal

“When Under Armour reports that potentially tens of millions of users have had their usernames and passwords stolen, this has a much bigger long-term effect on users' security on other online accounts, due to most peoples' habits of reusing the same passwords.”

International Headlines

Friday FYI: 9 out of 10 of website login attempts? Yeah, that'll be hackers
July 20, 2018 / John Dunn, The Register

“Credential stuffing is rampant – so try not to reuse the same password on every site, eh?”

Cyber criminals account for 90% of all login attempts at online retailers
July 19, 2018 / Joe Pinkstone, Daily Mail

“Those who use the same combination of email address and password across multiple online services are likely to fall victim to this type of attack.”

90% of login attempts on ecommerce sites come from hackers
July 19, 2018 / MyBroadband

“On average, 90% of all login attempts at ecommerce sites are credential-stuffing attacks. Around 60% of attempts at airlines and consumer banks are attacks, while 44% of attempts hotels see are attempts to take over accounts.”

90 Prozent der Loginversuche in Shops kommen von Unbefugten
Germany / July 19, 2018 / Golem

“Obwohl es 2017 weniger Fälle geleakter Zugangsdaten gab, blüht der Handel mit E-Mail-Adressen und Passwörtern wie eh und je. Das funktioniert auch deswegen so gut, weil Nutzer noch immer ein und dasselbe Passwort für verschiedene Konten verwenden.”

Les hackers se servent de nos données pour faire du trafic de fromage de luxe
France / July 19, 2018 / L'ADN

“Sur le darknet, on trouve de tout et surtout des données d'identification. Et les hackers s'en servent pour se remplir les poches. Un conseil, variez vos mots de passe.”

Japan / July 19, 2018 / My Navi

“Shape Securityがこのほど、「2018 Credential Spill Report|Shape Security」において、年に1回公開している情報漏洩に関するデータをまとめた報告書の2018年版となる「2018 Credential Spill Report」の公開を伝えた。同社がCredential Spill Reportを公開するのは、今回で2017年版に続き2回目となる。”

網路充斥「虛假流量」?推特刪千萬假帳號、9千萬 IG 用戶疑機器人
Taiwan / July 20, 2018 / Liberty Times Net

“另一調研機構 Shape Security 則指出,統計全球 2017 年電商網站的「登入流量」中,亦有高達 91% 是來自駭客們的攻擊,而不是消費者的實際行為。零售電商網站因業務性質,儲存了大批會員的個資、購買行為,甚至有信用卡號等敏感資料,成為駭客特別愛攻擊的目標。”

Archived News: