by daxorid
2897 days ago
Data point of one incoming. I work in ecommerce. 90% seems stupid low, based on our data. A couple years ago we were seeing a dozen or so successful login requests per minute against a background of ~40 unsuccessful requests per second. We were forced to implement rate-limiting on logins, which has resulted in more than a few customer service headaches. But it's now the reality of online retail.

We ended up tracking actors as they switched up their techniques to evade us and our defences, and ended up learning a lot about credential stuffing, the tools involved and some of the motives behind them attacking lesser-known websites. We ended up blogging about our findings, should anyone else have to deal with this cat and mouse fun: https://breachinsider.com/blog/2017/credential-stuffing-how-...