A British energy provider recently notified affected customers of a system breach that compromised account information. The breach led to the decision to shut down the firm's mobile app.
The hackers used an attack called "credential stuffing," which involves using sign-on credentials that have been stolen from other websites and running automated sign-on attempts.
According to cybersecurity experts, this is not a sophisticated attack, and it can be prevented if users refrain from using the same password for multiple accounts.
The success of credential stuffing attacks is a primary reason why organizations must promptly notify customers of data breaches. The sooner users realize their password has been compromised, the less likely it is that the password can be used to access other accounts.
Customers affected by a systems breach must be alert to future fraud attempts and phishing attacks against them.
Robert Scammell, "Npower data breach: Credential stuffing attack forces app closure," www.verdict.co.uk (Feb. 26, 2021).