Email was never built to be your digital passport. Created as a simple, open-network protocol for exchanging messages between trusted parties, it lacked the foundational architecture for authentication, financial security, or identity verification.
Yet today, email has quietly become the de facto primary identifier for billions of users. From resetting bank passwords to approving high-value transactions, the email address is the gatekeeper of the digital economy. This reliance has created a security paradox: we treat email as a permanent, trusted anchor of identity, even though it is one of the most easily compromised assets in a criminal’s toolkit.
Learn more →In the modern digital economy, the email address has transcended its original purpose as a communication tool. It has become the near-universal unique identifier — the primary digital ID for billions of users. From financial services to SaaS products, the email address is the default gatekeeper for account creation, password resets, and high-value transactions.
However, this reliance has created a dangerous security paradox: while email is treated as a permanent, trusted anchor of identity, it was never designed to be one. To secure the digital ecosystem, companies must shift from assumed trust to continuous risk assessment.
Learn more →Savannah, GA, October 21, 2025 — myNetWatchman today announced the release of the Travel Credential Abuse Index (TCAI) Report, a first-of-its-kind benchmark tracking credential-based cyberattacks across airlines, hotels, online travel agencies (OTAs), and car rental companies. The report delivers unprecedented visibility into how credential abuse has evolved over the past two years, revealing that while overall attack volumes fluctuate, the sophistication and persistence of threat actors continue to rise.
Drawing on activity across more than 85 travel platforms and billions of login attempts, the TCAI captures real-world fraud behavior across sectors. The findings reveal that credential abuse in travel has not declined — it has adapted. Attackers continue to exploit stolen credentials, MFA bypass tools, and both human and supply chain vulnerabilities. High-attack periods frequently correlate with major data breaches such as the Otelier hotel software breach in 2024 and the coordinated Scattered Spider airline campaigns in mid-2025.
Learn more →Excerpts from the Special Report, “The Economics of Credential Stuffing Attacks and Account Takeover Fraud” by myNetWatchman.
Credential stuffing has endured because it’s ruthlessly economical.
Attackers take username/password pairs harvested from one breach — or several combined — and automate login attempts across thousands of sites. Even when only a tiny fraction succeed (think 0.00018% to 0.025%), the sheer scale turns pennies into profits and headaches into real losses for businesses. The problem persists because consumers, employees, and vendors reuse passwords, and criminals can cheaply rent botnets, proxies, and tools that mimic human behavior.
Learn more →Credential stuffing is a serious cyberattack because it’s cheap, easy to scale, and takes advantage of the common problem of people reusing passwords. Even though only a tiny fraction of these attacks succeed (0.00018% to 0.25%), the sheer number of attempts means big profits for criminals and big costs for organizations. The financial gains for attackers, combined with how these attacks work, highlight the urgent need for strong defenses.
Our latest report, “The Economics of Credential Stuffing Attacks and Account Takeover Fraud,” breaks down why these attacks are so effective and what they cost both criminals and organizations. Inside, you’ll learn about:
Learn more →To all CISOs, cybersecurity managers, and fraud prevention experts out there — pull up a chair. We need to talk about something both utterly shocking and yet unbelievably common.
It’s about the recent McDonald’s data breach that affected 64 million job applicants through a vulnerability so basic it’s almost cartoonish: the password “123456.”
The Golden Arches’ Glaring Security Gap
This wasn’t a sophisticated nation-state attack or a zero-day exploit. This was a facepalm moment brought to you by a third-party AI system, Paradox.ai, which provides the McHire platform for screening candidates.
Learn more →According to the Global Anti-Scam Alliance and Chainalysis Reports, “pig butchering” scams — luring victims into investing in fraudulent financial schemes often involving cryptocurrency — cost victims $75 billion globally from 2020 to 2024.
Compromised credentials on dating sites provide scammers a valuable toolset for executing these scams. By leveraging stolen information and impersonating real individuals, they can effectively target and manipulate victims, leading to significant financial losses and emotional distress. myNetWatchman has seen ongoing credential testing at multiple dating sites, with 235 thousand compromised accounts accessed by miscreants in the past year.
Learn more →In our digital-first world, passwords — combined with an email address or User ID — are the primary gatekeepers to vast amounts of sensitive data. However, for nearly every online company, this reliance on passwords as a verification and identity method presents a critical weakness, leaving them vulnerable to credential stuffing, account takeover, and ransomware attacks.
Pervasive Problems: Weak, Reused, and Leaked Passwords
A Cybernews study on billions of leaked passwords revealed that a staggering 94% are either reused or duplicated across multiple services. Many users opt for “lazy” patterns like “123456” or simple combinations of lowercase letters and digits, making them trivial targets for brute-force and dictionary attacks. Despite decades of cybersecurity education, there has been little to no progress in user behavior.
Learn more →While organizations invest heavily in perimeter defenses, a critical vulnerability often lurks within: the exposed email addresses, passwords, and user IDs of employees and third-party vendors. These seemingly small exposures can provide an open door for cybercriminals to unleash devastating ransomware attacks, data breaches, and other malicious activities.
Recent incidents at major retailers like Victoria’s Secret and Adidas serve as stark reminders. Victoria’s Secret’s internal corporate systems and customer website were shut down for several days. Adidas’ customer data was stolen from a third-party vendor. Overlooking the security posture of internal personnel and external partners is a significant threat that many companies fail to adequately address.
Learn more →Imagine Johnny, an AI expert, famous for his globetrotting talks, boasting about racking up over a million Delta miles. Unbeknownst to him, in his audience sits Billy, a tech guru with a less-than-ethical focus — stealing travel loyalty points to sell discounted travel.
Billy spots Johnny as a potentially “ripe target.” His initial challenge is accessing Johnny’s Delta account without knowing his email or password. At this stage, the odds of success are astronomically low — estimated at 1 in 100 billion. But Billy collects vast amounts of breach data, and his odds improve dramatically with each additional piece of information he obtains.
Learn more →The cybersecurity landscape is facing unprecedented challenges — and businesses are falling behind in robust, proactive defense strategies. As highlighted in the most recent Verizon report, a critical element in this environment is the pervasive threat of compromised credentials.
Verizon’s 2025 DBIR: Key Findings
- Credential abuse (22%) and exploitation of vulnerabilities (20%) are the leading initial attack vectors
- The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches
- Third-party involvement in breaches doubled to 30%, emphasizing supply chain risk
- Ransomware has risen 37% since last year, now present in 44% of breaches
- For SMBs, ransomware appears in 88% of breaches — the impact is disproportionate
Account Takeover as a Major Threat
Criminals leverage stolen email addresses, user IDs, and passwords to take control of legitimate user accounts, leading to fraud events. Compromised credentials provide attackers with the initial access needed to deploy ransomware — and beyond.
Learn more →Imagine this: You have elite frequent flyer status. You’ve spent years building up your miles, dreaming of that perfect vacation with your family. Then one day, your digital world crumbles. You can’t access your account. Your miles vanish. Your dream vacation turns into a nightmare.
This is exactly what happened to Steve.
For years, he’d been the airline’s dream client — clocking in countless hours and millions of miles. One day, Steve simply couldn’t access his frequent flyer account. He tried different passwords, different devices. Nothing. The customer service team could see his account, his miles, his upcoming trips — but couldn’t grant him access.
Learn more →Credential stuffing is a middle step in a multi-faceted process: consumer login credentials go from being compromised — through a data breach, keystroke logger malware, or phishing — to being monetized. Cybercriminals use credential stuffing to identify the compromised username/password pairs that are valid on other sites, then sell them on the dark web for fraudulent purchases, gift card theft, reward point draining, PII scraping, and ATO.
“24 hours is all it takes a sophisticated fraudster organization to steal, test, and put compromised data out on the dark web markets for sale. Experienced criminals have these steps optimized to maximize the value of the data they’ve acquired.” — Don Bush, myNetWatchman
Learn more →
The PowerSchool data leak serves as a stark reminder of the critical importance of protecting user credentials — implementing a service to check whether usernames and passwords are known to be compromised, and enforcing a strong password change policy.
What Happened
Hackers gained access to PowerSchool’s system — likely through stolen credentials — exploiting a vulnerability in the PowerSource support portal. This highlights a common attack vector: compromised credentials. Weak passwords, phishing scams, or credential reuse across platforms can grant unauthorized access to sensitive data.
Learn more →Login processes can make or break a user experience. Excessive reliance on multi-factor authentication (MFA) often deters users from returning to a site more often.
You may have experienced the frustration: you complete MFA to sign in, navigate to view your billing statement, and get presented with MFA again — even though you’re still on the same platform. According to a 2021 PingIdentity survey:
- 56% of global consumers — and 61% of U.S. consumers — would stop using an online service if the login process became too frustrating
- 65% of U.S. consumers would switch to a competitor offering easier authentication
Businesses aren’t immune. When multiplied across daily logins for hundreds or thousands of employees, “minor” MFA friction results in significant productivity losses and increased help desk costs — with minimal impact on reducing security risk.
Learn more →Many organizations rely on myNetWatchman to protect against credential stuffing and account takeover attacks — but account security is especially critical for financial institutions (FIs). This article explores a real credential stuffing attack against a large FI, observed in real-time between June and August 2024.
It’s a High-Volume Numbers Game
Credential stuffing systematically tests exposed credential pairs to see where the same combination works elsewhere. The attack in this case study saw over 8 million unique usernames attempted in a 6-week period — not to succeed on all of them, but to identify the ones that do.
Learn more →