News Insights: State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack | ZDNet
State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack | ZDNet
State Farm suffered a credential stuffing attack in July and is now notifying impacted customers.
News Insights:
Cybersecurity expert Adam Laub, chief marketing officer at STEALTHbits Technologies, commented:
“As already implied, unique username and password combinations are indeed the number one way to mitigate the effectiveness of credential stuffing attacks. However, the burden of creating and maintaining these unique combinations falls on the shoulders of the proverbial “weakest link” (i.e., the end user). It may be time for organizations to take matters into their own hands though. If end users can’t or won’t comply with the guidance being provided to keep their accounts safe, perhaps proactive analysis of user account passwords and forced remediation when they’re determined to be vulnerable to password guessing attacks may be the only way to address this particular attack vector. The fear for businesses is obviously end user pushback, but with stiffening regulations and fines, the cost of end user frustration would appear to be minimal in comparison with non-compliance.”
Hugh Taylor
Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.