23B credentials were stolen in 2017 These industries suffed thmo

Shape Securitys 2018 Credential Spill Report reveals the severity of data breaches and offers insight to the lifespan of stolen information.

ByMacy BayernJuly 18, 2018, 8:11 AM PST

IT pros guide to GDPR compliance (free PDF)

GDPR vs. ePrivacy: The 3 differences you need to know

Facebook data privacy scandal: A cheat sheet

Microsoft: Heres our 4 step plan for getting rid of passwords forever

In 2017, some 2.3 billion account credentials were stolen because of 51 independent credential spill incidents, according toShape Securitys second annualCredential Spill Report. The main industries affected were consumer banking, retail, airline, and hospitality, which were primarily attacked via credential stuffing and account takeovers, according to Shape Securitys press release.

Credentials are often spilled through data breaches or personal attacks on users, in which cybercriminals obtain the credentials and use them on a wide array of websites and mobile apps, explained the press release.

Credential stuffing are large scale cyberattacks where criminals use stolen credentials over a mass amount of logins. These attacks are often successful because of users reusing passwords, said the release, which is no surprise, as25% of employeesuse the same passwords for every account. Attackers then use the information to commit various fraudulent actions, from unauthorized bank transfers to online purchases.

SEE:IT leaders guide to cyberattack recovery(Tech Pro Research)

Credential stuffing has become an increasingly popular attack vector powering a robust and complex criminal ecosystem, said Shuman Ghosemajumder, CTO of Shape Security, in the press release. What most people dont realize is the domino effect of damage that a single breach is capable of producing. To fight back, organizations have started banding together to build a collective defense to be alerted when credentials stolen from one breach are being used to log in to another, effectively blocking attackers attempting to access their platforms with compromised credentials.

An average of 15 months passed between the day credentials were stolen and the day the incident was realized and reported by an organization, said the release. With this substantial amount of time, cybercriminals can carry out a slew of attacks. Roughly 1 million credentials were exposed to criminals every day in 2017, said the report.

VBulletin vulnerabilities, misconfigured databases or servers, and malware and phishing campaigns were the other top causes of credential spills in 2017, said the press release. Shape Security even estimates an average of 232.2 million malicious login attempts per day with a .05% success rate.

The big takeaways for tech leaders:

Some 2.3 billion account credentials were compromised because of 51 credential spill incidents in 2017 Shape Security, 2018.

Businesses can protect themselves by creating a collective defense to be alerted about stolen credentials as quickly as possible Shape Security, 2018.

Stay informed, click here to subscribe to the TechRepublic Cybersecurity Insider newsletter.

Youve been breached: Eight steps to take within the next 48 hours (free PDF)(TechRepublic)

This malware is harvesting saved credentials in Chrome, Firefox browsers(ZDNet)

Cheat sheet: How to become a cybersecurity pro(TechRepublic)

Oktas Chrome plug-in tells you when hackers have your password(CNET)

Macy Bayern is a Multiplatform Reporter for TechRepublic. A recent graduate from the University of Texas at Austins Liberal Arts Honors Program, Macy covers tech news and trends.

Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.

Macy Bayern is a Multiplatform Reporter for TechRepublic. A recent graduate from the University of Texas at Austins Liberal Arts Honors Program, Macy covers tech news and trends.

Can Russian hackers be stopped? Heres why it might take 20 years

The new commute: How driverless cars, hyperloop, and drones will change our travel plans

Exomedicine arrives: How labs in space could pave the way for healthcare breakthroughs on Earth

How Sephora is leveraging AR and AI to transform retail and help customers buy cosmetics

We deliver the top business tech news stories about the companies, the people, and the products revolutionizing the planet.

Our editors highlight the TechRepublic articles, galleries, and videos that you absolutely cannot miss to stay current on the latest IT news, innovations, and tips.

Open source vs. proprietary software: A look at the pros and cons

Matthew Hughes

TNW uses cookies to personalize content and ads to make our site easier for you to use. We do also share that information with third parties for advertising & analytics.

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow himon Twitter.

Slack is buying HipChat and Stride in the process.

TNW went undercover at PUBGs Global Invitational and found a pack of noodles.

The courses are aimed at developers of all levels.

Expect to see more questions about Kylie Minogue than Kylie Jenner.

Twitter has announced its tightening control over its API in order to protect the platform from spam and abuse. The Twitter …

For lots of people, moving apartments is hampered by difficulties in scraping together a security deposit. If youre living …

Move Mirror makes quirky GIFs by watching you move — and it all happens in the browser.

Project Athenian will protect against DDoS attacks and defacements for free.

One of the more interesting fitness trackers on the market.

Sit back and let the hottest tech news come to you by the magic of electronic mail.

Prefer to get the news as it happens? Follow us on social media.

Got two minutes to spare? Wed love to know a bit more about our readers.

All data collected in the survey is anonymous.

Cloudflare launches free servicfor statand local governments to protect election websiteagainst cyb atck(Mthew HugsThNexWeb

Cloudflare launches free service for state and local governments to protect election websites against cyber attacks (Matthew Hughes/The Next Web)

Cloudflare launches free service for state and local governments to protect election websites against cyber attacks Cloudflare has launched a new initiative, called the Athenian Project, to protect electoral websites from online attacks. The service is available free of charge

Click to share on Twitter (Opens in new window)

Click to share on Facebook (Opens in new window)

Click to share on Google+ (Opens in new window)

Click to share on LinkedIn (Opens in new window)

Click to share on Tumblr (Opens in new window)

Click to share on Pinterest (Opens in new window)

I make this blog in my passionate..View all posts by Amit Sahay

Please log in using one of these methods to post your comment:

You are commenting using your account.(LogOut/Change)

You are commenting using your Google+ account.(LogOut/Change)

You are commenting using your Twitter account.(LogOut/Change)

You are commenting using your Facebook account.(LogOut/Change)

Notify me of new comments via email.

One day, Googles Fuchsia OS may become a real thing

Cloudflare recruits state and local governments for free election site security program

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.

To find out more, including how to control cookies, see here:Cookie Policy%dbloggers like this:>

Cloudflare launches Spectrum to protect almost anything conned tohe Internet

TNW uses cookies to personalize content and ads to make our site easier for you to use. We do also share that information with third parties for advertising & analytics.

For eight years,has made a name for itself by protecting websites against malicious floods of traffic. Now, the company is extending its DDoS safeguards to other services connected to the Internet like games and email servers, and internet of things (IoT) devices.

Spectrum works much in the same way as the mainstream Cloudflare product. It works by proxying Internet traffic through the companys globally-distributed data centers.

Cloudflares software automatically routes users through the most geographically-close data center, in order to offer the fastest speeds. It also automatically discards traffic it believes to be malicious, like what youd see with a DDoS attack, ensuring sites cannot be easily felled.

With Spectrum, this protection is extended beyond websites. It works with pretty much anything youd connect to the Internet.

Theres certainly a need for this type of tool. In recent years, DDoS attacks have increased in size and potency, but have also gone after some pretty non-traditional targets. When Pokmon Go launched in 2016, it was almostimmediately struck by a DDoS attackthat temporarily halted gameplay for millions. Later that year, a huge swathe of the Internet was disrupted afterattackers targeted Dyn a major provider of DNS services.

In addition to offering DDoS protection and faster connections, Cloudflare also reckons Spectrum will extend the security of some older legacy software products. For example, if a workplace uses an old piece of software that doesnt support transport-level encryption, Spectrum will automatically protect it without causing any compatibility headaches.

In a statement, Cloudflare CEO Matthew Prince said: Cloudflare has always been focused on improving the Internet experience for users around the world, but until now, weve only protected and accelerated web protocols. Spectrum represents a huge step in helping to build a better Internet, as we open the power of Cloudflare to protocols beyond the web.

Unlike the standard Cloudflare product, which is available to sites large and small, Spectrum will at first only be available to the companys larger enterprise clients.

Read next:Is voice search set to become the next frontier?

Facebook follows YouTube in suspending Alex Jones

Researchers published a cannabis study thats dangerously misleading

Heres the difference between blockchain and distributed ledger technology

Facebook will spend $10M on CEO Mark Zuckerbergs private jets and security

Stay tuned with our weekly recap of whats hot & cool by our CEOBoris.

Did Google stop domain fronting as a censorship move?

The Earths magnetic field is reversing more than ever. Heres why

Googles AR design guidelines arent complete shit, but should be better

Wanna start an e-commerce store that actually makes money? Heres what you do…

Prime Day is bad for Amazons brand

© 20062018 The Next Web B.V.

Sit back and let the hottest tech news come to you by the magic of electronic mail.

Prefer to get the news as it happens? Follow us on social media.

Got two minutes to spare? Wed love to know a bit more about our readers.

All data collected in the survey is anonymous.

Cloudflare

This content is currently available in english only. We are constantly working to provide more content in english. Thank you for your patience.

By clicking Sign-up, I agree toCloudflares terms and conditionsandprivacy policy.

I agree toCloudflares terms and conditionsandprivacy policy.

Cloudflare makes more than 9,000,000 properties faster and safer. Join today!

Performance, Security, Reliability: Pick three.

Cloudflares Anycast network keeps your website, app, or API online and running smoothly, so you can focus on your business. Join a network that gets smarter as it grows.

By clicking Sign Up, I agree toCloudflares terms and conditionsandprivacy policy.

Name is required. Please enter a name.

Company name required. Please enter a company name.

Phone number required. Please enter a phone number.

Website URL required. Please enter a website similar to

A trusted individual from the Cloudflare Sales Team will be in touch with you shortly.

15 Tbps Capacity and 151 Data Center Global Footprint

Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Our Anycast technology enables our benefits to scale with every server we add to our growing footprint of data centers.

Cloudflare dramatically improves website performance through our globalCDNand web optimization features.Learn more

CloudflaresWAFDDoS protection, and SSL defend website owners and their visitors from all types of online threats.Learn more

With over 35% market share, Cloudflare runs the largest, fastest, and most reliablemanaged DNSservice in the world.Learn more

Cloudflares network helps identify visitor and bot behavior that isnt accessible to conventional analytics technologies.Learn more

Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.

Cloudflare makes more than 9,000,000 properties faster and safer. Join today!

Cloudflares solution just works. Their team accomplished all our requirements and customizations propagated near instantly. And, as an added bonus, their pricing is predictable and flat, regardless of how much our bandwidth usage grows.

GM of Zendesk Online Business UnitTrusted By

Over 9,000,000 Internet Applications and APIs

To provide you with the best possible experience on our website, we may use cookies, as describedhere.

By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.