Hackers Account For 90 Percent of Login Attempts At Online Retailers

Hackers account for 90% of of e-commerce sites’ global login traffic, according to a report by cyber security firm Shape Security. They reportedly use programs to apply stolen data acquired on the dark web — all in an effort to login to websites and grab something of value like cash, airline points, or merchandise. Quartz reports: These attacks are successful as often as 3% of the time, and the costs quickly add up for businesses, Shape says. This type of fraud costs the e-commerce sector about $6 billion a year, while the consumer banking industry loses out on about $1.7 billion annually. The hotel and airline businesses are also major targets — the theft of loyalty points is a thing — costing a combined $700 million every year.

The process starts when hackers break into databases and steal login information. Some of the best known “data spills” took place at Equifax and Yahoo, but they happen fairly regularly — there were 51 reported breaches last year, compromising 2.3 billion credentials, according to Shape. Taking over bank accounts is one way to monetize stolen login information — in the US, community banks are attacked far more than any other industry group. According to Shape’s data, that sector is attacked more than 200 million times each day.

Shape says the number of reported credential breaches was roughly stable at 51 last year, compared with 52 in 2016. The best way consumers can minimize these attacks is by changing their passwords.