The Akamai Blog

'State of The Internet' Report: Account Checker Attacks Target E-Commerce

One of the most interesting highlights of our latest "State of the Internet" report -- in my opinion -- involves something called account checker attacks. The big victim here: e-commerce websites.

--Please join us on Sept 26th at 11 AM ET for our next "Crush the Rush" holiday readiness webinar to learn more about how to protect your site and holiday season revenue. Mike Smith, director of our CSIRT Team, and Daniel Shugrue will be detailing the types of attack trends that Akamai is seeing and ways in which other customers have mitigated the latest threats. Click here for more details.

From the report:

In the first and second quarters of 2013, Akamai observed attempted account takeover behavior for a number of merchants resulting from reuse of credentials obtained from other sites. Lists of username and password combinations are available in carder forums or on pastebin, or acquired from compromised merchants. Because users often use the same username and password across multiple merchants and other non-commerce sites, this allows attackers to use the compromised credentials on a number of target merchants. 

It turns out attackers are using automated tools called "account checkers" to quickly fish out valid user ID/password combinations across a large number of e-commerce sites. The bad guys use these tools to quickly identify valid accounts that they then proceed to hijack. Victims reported the following red flags:

• User complained that their account mailing address has been altered
• Multiple other users' information was altered in a similar time frame
• Many failed logins were detected in a short period of time from a small number of IP addresses
• Accounts were reported to be locked
• All this is followed by an uptick in fraud
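The third red flag can be turned into a log check. The sketch below is an added example, not code from Akamai or the report: it flags source IPs that try many distinct usernames within a short window and mostly fail, and lists the logins that succeeded from those IPs so the accounts can be reviewed. The log format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_log():
    """Constructed auth log lines: '<ISO timestamp> <source IP> <username> <OK|FAIL>'."""
    base = datetime(2013, 6, 1, 10, 0, 0)
    lines = []
    # One source cycling through 30 usernames, 2 s apart; two of the credentials work.
    for i in range(30):
        result = "OK" if i in (7, 19) else "FAIL"
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 user{i:02d} {result}")
    # A legitimate user who mistypes a password three times, then gets in.
    for i, result in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.23 carol {result}")
    return lines

def find_account_checkers(lines, window=timedelta(minutes=5),
                          min_users=20, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames in one window and mostly fail.

    Returns {ip: {"distinct_users": int, "valid_accounts": [usernames]}}; the
    valid accounts are successful logins from a flagged IP, i.e. the accounts
    to review for changed mailing addresses and fraud.
    """
    events = []
    for line in lines:
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    recent = defaultdict(deque)   # ip -> events still inside the sliding window
    flagged = {}
    for ts, ip, user, result in sorted(events):
        q = recent[ip]
        q.append((ts, user, result))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, r in q if r == "FAIL")
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            entry = flagged.setdefault(ip, {"distinct_users": 0, "valid_accounts": set()})
            entry["distinct_users"] = max(entry["distinct_users"], len(users))
            entry["valid_accounts"] |= {u for _, u, r in q if r == "OK"}
    return {ip: {"distinct_users": e["distinct_users"],
                 "valid_accounts": sorted(e["valid_accounts"])}
            for ip, e in flagged.items()}

if __name__ == "__main__":
    for ip, info in find_account_checkers(sample_log()).items():
        print(ip, info)
```

Counting distinct usernames per source, not raw failures, is what separates this pattern from a single user retrying a forgotten password.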

There are many more details of what we found in the full report, which you can download here.