NewsLocal NewsInvestigations


How to protect yourself from credential stuffing

Posted at 6:26 AM, Dec 05, 2019
and last updated 2019-12-05 07:26:19-05

KANSAS CITY, Mo.  — From Netflix to Hulu to HBO, it's convenient to use the same password for all of your streaming platforms.

However, doing so can put you at risk.

Disney+ subscribers found out first hand less than a week after the service launched. Thousands were unable to log into their accounts.

"It was assumed Disney had suffered a data breach," technology expert Burton Kelso said.

But the happiest place (or company) on earth wasn't responsible.

It happened through something called credential stuffing.

Essentially, as more and more data breaches occur, more people's information is out there.

"Cyber criminals will go to the dark web or to their database of information and use credentials you may have signed in to on an account to log into Disney+," Kelso said.

Criminals can offer your information for free or even sell it on the dark web.

"It's very important that you go and find out if your information is breached," Kelso said.

He shared one easy way to find out. There's a website called "Have I Been Pwned" that allows you to enter your email address and find out if your information was compromised in a data breach.

If it was, you need to change the passwords for those online accounts.

"Make sure that you always use separate passwords for all of your online accounts. So that way if one account is hacked, then you're able to just change the password for that one account and not worry about all your other accounts," Kelso said.

Instead of a password, consider using a passphrase, which can be comprised of song lyrics or two unrelated words. It's easier for you to remember and more difficult for crooks to figure out.

You can also use a password manager to keep track of all your online accounts. CNET ranked LastPass as the top free service.