According to a blog post by a US-based VPN provider, hackers conduct more than 87 million "credential stuffing" attacks against Americans every day

Atlas VPN extracted data from a publicly available study summarizing research by security firms Akamai and F5 The two security firms found that credential stuffing attacks are rapidly increasing in the US, with 36 million occurring every hour

According to Atlas VPN, the increase in credential stuffing is due to the high number of data breaches in recent years

Credential stuffing (which accounts for 44% of financial services attacks) is when cybercriminals systematically attempt to access personal or company accounts using stolen credentials from previous data breaches involving other accounts

The reason credential stuffing works is simple: people reuse passwords If you use strong, unique passwords for each online account and use the best password managers or other methods to manage your passwords, credential stuffing will not be a problem

If a credential stuffing attack is successful, the victim will not only suffer financial loss, but may also be a victim of identity theft if the hacker has access to personal information

Between December 1, 2017 and November 30, 2018, Akamai observed approximately 64 billion credential stuffing attack attempts in the United States

Akamai reports that countries such as India, China, Canada, the United Kingdom, Brazil, the United Arab Emirates, Australia, Italy, and Switzerland received only 169 billion credential stuffing attacks in total during this period

This represents only 264% of the total number in the US Atlas VPN attributes this discrepancy to the greater number of records leaked in the US

Rachel Welch, COO of Atlas VPN, said: " Individuals who want to protect themselves from credential stuffing attacks should set up two-factor authentication [2FA] whenever possible"

"When hackers discuss credential stuffing attacks on the dark web, they often complain that two-factor authentication is the biggest obstacle to a successful cyber attack"

That is true, and we recommend turning on 2FA whenever possible because it helps protect your account from several different types of attacks However, it is even easier to not reuse passwords, which can stop credential stuffing altogether

Atlas VPN also notes a report from security firm Recorded Future and an article on the Help Net Security website

These sources include research showing that online criminals often require automated credential checkers ($150) and network proxies ($250 per week) to carry out these attacks, as well as cybercriminals hacking eBay, Amazon, PayPal accounts for as little as $350, $2, and $1, respectively, on the dark web