Email was never built to be your digital passport. Created as a simple, open-network protocol for exchanging messages between trusted parties, it lacked the foundational architecture for authentication, financial security, or identity verification.
Yet today, email has quietly become the de facto primary identifier for billions of users. From resetting bank passwords to approving high-value transactions, the email address is the gatekeeper of the digital economy. This reliance has created a security paradox: we treat email as a permanent, trusted anchor of identity, even though it is one of the most easily compromised assets in a criminal’s toolkit.
In the modern digital economy, the email address has transcended its original purpose as a communication tool. It has become the near-universal unique identifier — the primary digital ID for billions of users. From financial services to SaaS products, the email address is the default gatekeeper for account creation, password resets, and high-value transactions.
However, this reliance has created a dangerous security paradox: while email is treated as a permanent, trusted anchor of identity, it was never designed to be one. To secure the digital ecosystem, companies must shift from assumed trust to continuous risk assessment.
Yes, criminal activity spikes during peak shopping season. But the most damaging fraud often doesn’t happen in November or December. It happens months later — after the holidays have passed and attention has shifted — using accounts that were created, compromised, or harvested during peak volume.
Fraudsters don’t treat the holidays as a sprint. They treat them as account setup season.
In the 62 days of November and December, myNetWatchman observed the following from live data sources:
Business leaders and fraud managers invest significant resources in verifying and authenticating new customers. You implement rigorous fraud checks, confirm identities, and follow best practices to ensure each account is secure at the point of creation. At that moment, you can be confident the account is trustworthy.
Here’s the hard truth: even if you’ve verified a customer at signup, their account can still be at risk the next day — all because of their email address.
Apple just opened iPhone 17 pre-orders, and history has shown that fraudsters treat new-phone hype and holiday volume as their favorite cover.
Sleeper Accounts: Set for Attack
One common tactic used by fraud groups is to set up accounts well in advance of an attack. These accounts — sometimes called “sleeper” or “dormant” accounts — are used to hit companies at scale and avoid the scrutiny of guest checkouts. Fraudsters typically create new accounts using synthetic identities or compromise existing accounts.
Excerpts from the Special Report, “The Economics of Credential Stuffing Attacks and Account Takeover Fraud” by myNetWatchman.
Credential stuffing has endured because it’s ruthlessly economical.
Attackers take username/password pairs harvested from one breach — or several combined — and automate login attempts across thousands of sites. Even when only a tiny fraction succeed (think 0.00018% to 0.025%), the sheer scale turns pennies into profits and headaches into real losses for businesses. The problem persists because consumers, employees, and vendors reuse passwords, and criminals can cheaply rent botnets, proxies, and tools that mimic human behavior.
Credential stuffing is a serious cyberattack because it’s cheap, easy to scale, and takes advantage of the common problem of people reusing passwords. Even though only a tiny fraction of these attacks succeed (0.00018% to 0.25%), the sheer number of attempts means big profits for criminals and big costs for organizations. The financial gains for attackers, combined with how these attacks work, highlight the urgent need for strong defenses.
Our latest report, “The Economics of Credential Stuffing Attacks and Account Takeover Fraud,” breaks down why these attacks are so effective and what they cost both criminals and organizations. Inside, you’ll learn about:
According to the 2025 Verizon Data Breach Incident Report, credential abuse (credential stuffing, account takeover attacks, etc.) is the leading initial attack vector — up over 22%. Credential screening — evaluating credentials for potential compromise at login, signup, and account reset — is a best practice for enhancing security measures to fight these types of attacks.
Many organizations use breach data to screen against compromised credentials. However, using breach data alone can result in higher false positive rates, poor user experiences, and increased fraud remediation costs.
To all CISOs, cybersecurity managers, and fraud prevention experts out there — pull up a chair. We need to talk about something both utterly shocking and yet unbelievably common.
It’s about the recent McDonald’s data breach that affected 64 million job applicants through a vulnerability so basic it’s almost cartoonish: the password “123456.”
The Golden Arches’ Glaring Security Gap
This wasn’t a sophisticated nation-state attack or a zero-day exploit. This was a facepalm moment brought to you by a third-party AI system, Paradox.ai, which provides the McHire platform for screening candidates.
In our digital-first world, passwords — combined with an email address or User ID — are the primary gatekeepers to vast amounts of sensitive data. However, for nearly every online company, this reliance on passwords as a verification and identity method presents a critical weakness, leaving them vulnerable to credential stuffing, account takeover, and ransomware attacks.
Pervasive Problems: Weak, Reused, and Leaked Passwords
A Cybernews study on billions of leaked passwords revealed that a staggering 94% are either reused or duplicated across multiple services. Many users opt for “lazy” patterns like “123456” or simple combinations of lowercase letters and digits, making them trivial targets for brute-force and dictionary attacks. Despite decades of cybersecurity education, there has been little to no progress in user behavior.
While organizations invest heavily in perimeter defenses, a critical vulnerability often lurks within: the exposed email addresses, passwords, and user IDs of employees and third-party vendors. These seemingly small exposures can provide an open door for cybercriminals to unleash devastating ransomware attacks, data breaches, and other malicious activities.
Recent incidents at major retailers like Victoria’s Secret and Adidas serve as stark reminders. Victoria’s Secret’s internal corporate systems and customer website were shut down for several days. Adidas’ customer data was stolen from a third-party vendor. Overlooking the security posture of internal personnel and external partners is a significant threat that many companies fail to adequately address.
Imagine Johnny, an AI expert, famous for his globetrotting talks, boasting about racking up over a million Delta miles. Unbeknownst to him, in his audience sits Billy, a tech guru with a less-than-ethical focus — stealing travel loyalty points to sell discounted travel.
Billy spots Johnny as a potentially “ripe target.” His initial challenge is accessing Johnny’s Delta account without knowing his email or password. At this stage, the odds of success are astronomically low — estimated at 1 in 100 billion. But Billy collects vast amounts of breach data, and his odds improve dramatically with each additional piece of information he obtains.
The cybersecurity landscape is facing unprecedented challenges — and businesses are falling behind in robust, proactive defense strategies. As highlighted in the most recent Verizon report, a critical element in this environment is the pervasive threat of compromised credentials.
Verizon’s 2025 DBIR: Key Findings
- Credential abuse (22%) and exploitation of vulnerabilities (20%) are the leading initial attack vectors
- The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches
- Third-party involvement in breaches doubled to 30%, emphasizing supply chain risk
- Ransomware has risen 37% since last year, now present in 44% of breaches
- For SMBs, ransomware appears in 88% of breaches — the impact is disproportionate
Account Takeover as a Major Threat
Criminals leverage stolen email addresses, user IDs, and passwords to take control of legitimate user accounts, leading to fraud events. Compromised credentials provide attackers with the initial access needed to deploy ransomware — and beyond.
Why are 87% of travel companies still losing sleep over Account Takeover (ATO)? Because it’s a relentless, evolving threat — and if you’re in the travel industry, you’re a prime target.
This webinar brought together industry leaders for an urgent panel discussion on the alarming rise of account takeovers in the travel sector.
Expert panelists:
- Amitabh Ghosh — Vice President Technology, Travel Platform, eCommerce, Fraud & Risk, Expedia
- Christopher Staab — Loyalty, Frequent Flyer, Payment & Fraud Expert; Co-Founder, Loyalty Security Alliance
- David Montague — CEO, myNetWatchman
Key topics covered:
Recent news brought this topic close to home: Troy Hunt, a renowned security expert and the creator of Have I Been Pwned (HIBP), recently shared that he fell victim to a sneaky phishing attack targeting his Mailchimp account.
Troy received an email that looked like it was from Mailchimp, claiming there was a spam complaint and that he needed to log in to resolve it. Being tired and a bit jet-lagged, he clicked the link and entered his credentials — only to realize moments later it was a fake site. The attackers immediately used this access to export his blog’s mailing list, containing around 16,000 records.
Imagine this: You have elite frequent flyer status. You’ve spent years building up your miles, dreaming of that perfect vacation with your family. Then one day, your digital world crumbles. You can’t access your account. Your miles vanish. Your dream vacation turns into a nightmare.
This is exactly what happened to Steve.
For years, he’d been the airline’s dream client — clocking in countless hours and millions of miles. One day, Steve simply couldn’t access his frequent flyer account. He tried different passwords, different devices. Nothing. The customer service team could see his account, his miles, his upcoming trips — but couldn’t grant him access.
In the world of online security, it’s tempting to take a rigid, unyielding stance against bad actors. Block any suspicious IP address, and bam — problem solved, right? Not quite.
“Be like water making its way through cracks. Do not be assertive, but adjust to the object, and you shall find a way around or through it.” — Bruce Lee
The Problem with IP Blocking
Many security solutions rely heavily on IP address blocking as a primary defense. While seemingly straightforward, this tactic is fraught with issues:
Credential stuffing is a middle step in a multi-faceted process: consumer login credentials go from being compromised — through a data breach, keystroke logger malware, or phishing — to being monetized. Cybercriminals use credential stuffing to identify the compromised username/password pairs that are valid on other sites, then sell them on the dark web for fraudulent purchases, gift card theft, reward point draining, PII scraping, and ATO.
“24 hours is all it takes a sophisticated fraudster organization to steal, test, and put compromised data out on the dark web markets for sale. Experienced criminals have these steps optimized to maximize the value of the data they’ve acquired.” — Don Bush, myNetWatchman
The PowerSchool data leak serves as a stark reminder of the critical importance of protecting user credentials — implementing a service to check whether usernames and passwords are known to be compromised, and enforcing a strong password change policy.
What Happened
Hackers gained access to PowerSchool’s system — likely through stolen credentials — exploiting a vulnerability in the PowerSource support portal. This highlights a common attack vector: compromised credentials. Weak passwords, phishing scams, or credential reuse across platforms can grant unauthorized access to sensitive data.
The old practice of a canary in a coal mine served as an early warning system, detecting harmful gases before they claimed lives. Similarly, active web monitoring can be a digital canary — alerting businesses to potential threats before they escalate into full-blown account takeovers.
“Credential stuffing is akin to a thief trying multiple keys on a set of doors.” — David Montague, CEO, myNetWatchman
Common fraud prevention tools — bot detection, IP blocking — are essential first lines of defense that let you “blunt” an attack. But they create a false sense of security: it can be difficult to tell when an attack occurred, and they won’t tell you which accounts were targeted or successfully compromised.
Many organizations rely on myNetWatchman to protect against credential stuffing and account takeover attacks — but account security is especially critical for financial institutions (FIs). This article explores a real credential stuffing attack against a large FI, observed in real-time between June and August 2024.
It’s a High-Volume Numbers Game
Credential stuffing systematically tests exposed credential pairs to see where the same combination works elsewhere. The attack in this case study saw over 8 million unique usernames attempted in a 6-week period — not to succeed on all of them, but to identify the ones that do.