Understanding Credential Stuffing

Credential stuffing happens when cybercriminals capture or purchase usernames acquired in a data leak or breach and barrage target websites with login attempts for those usernames. These cybercriminals assume people use the same login credentials across multiple websites, or may try slight variations or random usernames hoping one will work to gain access.

Credential stuffing is on the rise across all industries and a site being targeted doesn’t mean that their own customer personal information has been compromised. When underway, the imprecise nature of this attack yields few actual passwords but can trigger notifications of unsuccessful login attempts and drive customer account lockouts. There are methods to identify and combat credential stuffing attempts. Unfortunately, cybercriminals are constantly increasing the sophistication of their masking, making it harder to separate from actual user activity.

You can increase your account protection by keeping your usernames as unique as possible, monitoring lists of known data leaks (i.e. with tools such as Firefox Monitor and others available), and most importantly, ensuring that you never reuse passwords across different sites.

For Dollar Bank customers

If your Dollar Bank User ID is common or you use the same user name for an online account on another website, consider changing it to enhance your account protection. To do this, please log in to Online Banking or our mobile app and go to My Profile > Profile Updates and select User ID. Make sure to select a complex and unique User ID (combination of letters, numbers and special characters and low likelihood of others using similar user names on other sites).