Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
14/03/2026
Combines mic, USB interface & wireless IEMs
Following a successful Kickstarter campaign, HISONG have announced that their innovative AirStudio S1 device is ...
13/03/2026
Spotify has always been built around your taste. More than 80% of listeners say personalization is what they love most about us. Now we're taking that even ...
13/03/2026
The new Spotify Legends Club has opened its doors. Its members: select German-sp...
13/03/2026
Pushing drum sampler technology into new territories
The latest version of Klevgrand's software drum sampler has just arrived, boasting a newly designe...
13/03/2026
Expanded headphone support & engine improvements
IK Multimedia's recently introduced ARC On-Ear system brings the power of their monitoring-correction s...
13/03/2026
Extra sound collections, more presets & new Keys category
UVI's rhythm and pattern instrument has just received a major update that introduces four new ...
13/03/2026
13 Mar 2026
VEON Delivers Record Digital Growth: 4Q25 Digital Revenues Grow 84%...
13/03/2026
Friday 13 March 2026
Sky Adds Blood on Snow to Original Film Slate in Acquisiti...
13/03/2026
RT has announced today that Rick O'Shea is the new presenter of Arena RT Radio 1's flagship weeknight arts and culture programme. Rick has been pres...
13/03/2026
Lights! Camera! Action! The 98th Oscars set to air live as RT backs the Irish n...
12/03/2026
Staines-upon-Thames, UK, 11th March, 2026 - Yospace, the trusted leader in Dyna...
12/03/2026
In Latin America, women are shaping music and defining its future. To kick off t...
12/03/2026
En Am rica Latina, las mujeres est n moldeando la m sica y definiendo su futuro....
12/03/2026
Let's turn back the clock 20 years: The music landscape was a world away fro...
12/03/2026
Bad Bunny is no stranger to Spotify's Billions Club. In fact, he has a whopp...
12/03/2026
Spotify was at the London Book Fair this week, joining conversations across the publishing industry about how people can make reading part of their daily lives....
12/03/2026
Mastering tool improves mono compatibility
Tokyo Dawn Labs' Ohlhorst Digital range is a series of mastering-focused plug-ins developed by Jan Ohlhorst, ...
12/03/2026
Wave FX processor integrated into four products
Lewitt have teamed up with Elgato to create a new processor for the company's Wave Next product range, i...
12/03/2026
Free tool for annotating audio files
Mix Notes is a new, free iOS App that provides users with a simple way to annotate their audio files. It's been cre...
12/03/2026
Side-chain ducking tool gets an upgrade
Devious Machines' popular side-chaining and envelope-shaping tool has just been kitted out with an improved enve...
12/03/2026
Ceremony to take place on 16 April 2026
The MPG (Music Producers Guild) have revealed the full shortlist for this year's MPG Awards, which will be takin...
12/03/2026
Emulates three classic dbx 160 variants
The latest arrival to Overloud's Gem Series plug-in range faithfully recreates not one, but three versions of th...
12/03/2026
New granular soft synth announced
Said to be their most advanced software synthesizer to date, Baby Audio's latest release has been built on a new granu...
12/03/2026
Latest version now live!
Edit 11 March 2026 - Bitwig Studio 6 is now live, and available for all to download!
The latest version of Bitwig's DAW softwa...
12/03/2026
Latest free eBook now available!
Designed for recording engineers, audio-technology students and technically minded musicians, our latest free eBook deliver...
12/03/2026
Rohde & Schwarz Cybersecurity expands SITLine network encryptor portfolio - more...
12/03/2026
Rohde & Schwarz to showcase future-proof EMC testing solutions at EMV 2026 Rohde & Schwarz will participate in EMV 2026, Europe's premier trade fair and c...
12/03/2026
Modern media operations demand a platform that unites automation, orchestration, and human oversight without compromise. In this post, we explore the six key te...
12/03/2026
A deep dive into the platform
Architecture The Blue Lucy platform follows a distributed microservices architecture, meaning the overall operational capability...
12/03/2026
Orchestration platform enables broadcasters to deploy multiple AI models safely with full auditability, rights protection, and regulatory oversight.
LONDON, En...
12/03/2026
Wuppertal March 12, 2026
Riedel Expands Managed Technology Division in the Ame...
12/03/2026
Advanced Media Server Delivers Double the Channel Density at Half the Cost per C...
12/03/2026
The Late Late Show Show St Patrick's Day special
Dancing with the Stars f...
11/03/2026
First Medium-Earth Orbit (MEO) deployment of the emergency.lu platform for refugees and their host communities' use provides dependable broadband for humani...
11/03/2026
Following a successful first series, UKTV today announces the commission of two ...
11/03/2026
Wednesday 11 March 2026
Sky and CANAL launch new partnership to develop English-language drama
Sky and CANAL are today announcing a strategic co commissioni...
11/03/2026
NTCA, Cartesian Release New Report on the Business Case for USF
March 11, 2026
Network Economics
News
NTCA - March 11, 2026 - As the FCC and Congr...
11/03/2026
TELL US YOUR (SHORT) STORIES
The 2026 RT Short Story Competition is now open for entries
Recognising and rewarding the best new Irish fiction writing for...
11/03/2026
RT 's The Traitors Ireland is among the nominees for the 2026 Celtic Media Festival Torc Awards for Excellence, announced today....
10/03/2026
10 Mar 2026
VEON's Largest Market Pakistan Almost Triples Mobile Spectrum i...
09/03/2026
Contains all six dual-ensemble libraries
VSL's Duality Strings series offers an intriguing alternative to your average string library, capturing two str...
09/03/2026
Outstanding Contribution To UK Music
Photo: Samuel Bradley
Ahead of their upcoming MPG Awards, the Music Producers Guild (MPG) have revealed the latest win...
09/03/2026
Two new high-quality DI boxes announced
Boasting some impressive technical specifications and versatile routing options, Strymon's latest active DI boxe...
09/03/2026
Latest MPE-capable Soundbox library released
The follow-up release for Sonora Cinematic's Pure Nylon has arrived, and becomes the latest addition to the...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
