Arkose Labs, a platinum sponsor of the MPC Digital Commerce Event, has launched Credential Stuffing Week, an event aimed at educating public and private sectors about credential stuffing, also known as account takeover (ATO) and password-spraying fraud. Throughout the week, Arkose Labs will share insights and information about these threats using hashtags #StopCredStuffing and #CredStuffingAwarenessWeek, company representatives stated.
Kevin Gosschalk, co-founder and CEO at Arkose Labs, has seen credential stuffing escalate and urged organizations to arm themselves against an array of known and emerging threats. “This is why we created Credential Stuffing Week,” he said. “Businesses are suffering, and by default, so are their customers and clients, as credential stuffing attacks become more common and sophisticated.”
Escalating threats
Gosschalk additionally noted that Arkose Labs stopped nearly 3 million credential stuffing attacks before they happened over the last 12 months, a 98 percent increase compared with the previous year’s same period. In addition, cred stuffing jumped by 56 percent over the holiday season, a trend he expects to repeat this year.
Top attacked industries are gaming, financial services and media and top attack regions are Asia, Europe and North America, Gosschalk noted, and credential stuffing is driving ATO attacks, with more than 50 percent of attacks targeting logins, he added. Following are additional statistics:
- Credential stuffing accounted for 5 percent of all traffic in the first half of 2021, getting past traditional bot defenses and rate limiting
- In the first half of 2021, the Arkose Labs network detected and stopped 285 million credential stuffing attacks, with spikes upwards of 80 million in a single week.
- Credential stuffing made up 29 percent of all fraud attacks over the first half of 2021
- Credential stuffing attacks cost the average business $6 million per year
- 46 percent of businesses say that account takeover has led to decreased revenue
- One social media client saw 1.5 million credential stuffing attempts in just one week
Of all total attacks so far through 2021, credential stuffing impacted the following industries: Media & Streaming: 53 percent; Finance: 14 percent; Gaming: 50 percent;
Tech: 7 percent.
Industry-first Credential Stuffing Warranty
Businesses deserve protection and partnership from security providers, Gosschalk stated; Arkose Labs’ credential stuffing warranty covers up to $1 million in response expenses.
“We want to show our commitment to customers by sharing a portion of responsibility with regard to attack mitigation,” said Gosschalk.
Arkose Labs will host its second annual Bankrupting Fraud Virtual Summit Nov. 9-10, 2021. Leading companies, including Facebook, Visa, PayPal and more will present at the Summit. Register for free at https://www.bankruptingfraud.com
Gosschalk, who delivered a keynote address at MPC21, stated Arkose Labs stopped 285 million credential stuffing attacks in the first half of 2021. A replay of Gosschalk’s keynote is available at
[mkdf_separator class_name=”” type=”normal” position=”center” color=”” border_style=”” width=”” thickness=”” top_margin=”” bottom_margin=””]
By Arkose Labs
Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers an industry-first warranty on account protection. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks, while improving good user throughput. Based in San Francisco, CA with offices in Brisbane, Australia and London, UK, the company was honored as the 195th fastest growing companies in the United States on the 2021 Inc. 5000 list.