
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
22/04/2026
Spotify and the New York Liberty are teaming up to give music and basketball fan...
22/04/2026
New 20-minute documentary explores iconic design The Focusrite Room in Mesa, Arizona, where John Aquilino hosts the Studio Console 005.
In 2025, Focusrite co...
22/04/2026
Offers compact wireless solution for pedalboards
Taiwanese audio brand Cloudvocal have announced the availability of a new pedalboard-friendly wireless syst...
22/04/2026
Latest hybrid sampling/synthesis instrument arrives
Arturia's Augmented series offerings rely on a mixture of sampling and synthesis, allowing users to ...
22/04/2026
Combines three distinct analogue EQ emulations
The latest addition to Acustica Audio's ever-expanding collection of analogue-emulation plug-ins combines...
22/04/2026
Final instalment in vintage-inspired instrument series
Analog Empire: Bass & Lead marks the final instalment in Melda Production's vintage hardware-insp...
22/04/2026
Fuzz pedal joins all-analogue Series A line
Given that Strymons reputation was built on unapologetically digital pedals, it was a little surprising to see t...
22/04/2026
22 Apr 2026
VEON's Banglalink to Bring Starlink Mobile to Customers in Bangladesh Bangladesh becomes the third market where VEON and Starlink Mobile partne...
22/04/2026
U have unveiled exclusive first-look images for their six-part police thriller Hit Point, starring Nick Blood (Day of the Jackal) and BAFTA nominee Saffron Hock...
22/04/2026
What can I watch on UKTV and stream on U this week?
This week on UKTV and the free streaming service U, viewers can watch a range of new and returning programm...
22/04/2026
Wednesday 22 April 2026
Sky announces fifth year of WNT Fund with 30,000 bursa...
22/04/2026
The move from Retail Media to Commerce Media is about broadening the scope of th...
22/04/2026
April 22 2026, 07:00 (PDT) Dolby and BMW Bring Dolby Atmos to the BMW 7 Series,...
22/04/2026
RT Documentary On One 7-part series breaks US market for first time
RT Programme Sales has announced its first deal with a US distribution partner for its 7-...
21/04/2026
Five years ago, Spotify arrived in Pakistan, opening a new chapter in the country's music scene. Since then, local listeners have explored across genres, ge...
21/04/2026
Since its launch in 2020, RADAR has been our program for spotlighting emerging artists around the world. This year marks the sixth edition of RADAR Spain, our o...
21/04/2026
Offers compact wireless solution for pedalboards
Taiwanese audio brand Cloudvocal have announced the availability of a new pedalboard-friendly wireless syst...
21/04/2026
Latest hybrid sampling/synthesis instrument arrives
Arturia's Augmented series offerings rely on a mixture of sampling and synthesis, allowing users to ...
21/04/2026
Rohde & Schwarz to host Power Electronics Online Conference From Design to Vali...
21/04/2026
Tuesday 21 April 2026
A first look at The Cathy Newman Show, live from 27 April
Everything you need to know
Sky News has announced The Cathy Newman Show, a m...
21/04/2026
Tuesday 21 April 2026
Sky Sports to make ICC Women's T20 World Cup 2026 available to all
The opening matches for all the home nations plus final will be a...
21/04/2026
Comscore Continues Building Momentum in Local Measurement Through New Agreements...
21/04/2026
Summer is nearly here and Super Garden is returning to our screens to spark some gardening inspiration. The new series kicks off on Thursday 23 April at 7pm on ...
20/04/2026
A song that captures a moment can feel like magic. But when you uncover the story behind it-who made it, what inspired it, and the meaning woven into the lyrics...
20/04/2026
Ultra-compact 32-bit recorder set for launch
Deity Microphones will soon be launching a new 32-bit six-track recorder that's been designed with producti...
20/04/2026
Uncoming lightweight shotgun mic announced
Production-sound experts Lectrosonics have recently announced the upcoming launch of a new lightweight shotgun mi...
20/04/2026
New 20-minute documentary explores iconic preamp
In 2025, Focusrite commissioned a new short-form documentary with filmmaker Chris Mayes-Wright - the direct...
20/04/2026
Turn quick sketches into real drum grooves
Sampleson have been experimenting with assitive production tools recently, and their latest creation aims to make...
20/04/2026
Rohde & Schwarz rolls out its full ARDRONIS counter UAS suite in a demonstration...
20/04/2026
Thomas Valter Director of Product Management, RTW
March 26, 2026
For users of the classic TouchMonitor, one obvious question is: what does the TMxCore offer...
20/04/2026
Fox Corporation Executives to Discuss Third Quarter Fiscal 2026 Financial Result...
19/04/2026
Now available in VST3, AU and AAX formats
Waves have recently released an update that extends their vocal-alignment plug-in's capabilities to all DAWs -...
19/04/2026
Wuppertal April 19, 2026
Riedel's SimplyLive Solution Powers Centralized V...
19/04/2026
Wuppertal April 19, 2026
Bridge Digital and Riedel Build Campus Wide ST 2110 N...
19/04/2026
Wuppertal April 19, 2026
Riedel Showcases Next Advances in IP-Based Production at NAB 2026MediorNet HorizoN ST 2110 MultiViewer App, SmartPanel Commentary Con...
19/04/2026
Harmonic's Cloud-Native VOS Media Software Lowers Costs by Unifying Media Playout to Delivery on a Single Platform SAN JOSE, Calif. - April 19, 2026 - Harmo...
18/04/2026
Free software mixer now in public beta
Blackmagic Design are best known for their high-end video hardware and DaVinci Resolve editing software, but the latt...
17/04/2026
Versatile ribbon mic kit revealed
The latest arrival to the AEA line-up brings together three contrasting models from their Nuvo range, delivering a versati...
17/04/2026
Revealed following sold-out MPG Awards ceremony
Following another sold-out MPG Awards ceremony at The Troxy in London, the MPG have released a full list of ...
17/04/2026
17 Apr 2026
VEON to Release 1Q26 Earnings Update on May 13, 2026 Dubai and New York, April 17, 2026 - VEON Ltd. (Nasdaq: VEON), a global digital operator (toge...
16/04/2026
At Spotify, we want your experience to feel intuitive and personal across every moment of the day. Whether you're streaming your favorite playlist while you...
16/04/2026
Vintage broadcast experts release second plug-in
Telsie T is the second plug-in to be released by SonicWorld, a German audio company who specialise in servi...
16/04/2026
Compact unit offers hands-on plug-in control
Softube have just announced the launch of their latest hardware unit, the Flow Studio. Housed in a compact desk...
16/04/2026
Use any VST3 plug-in on immersive audio
Fiedler Audio have just released a powerful new plug-in wrapper that brings full VST3 processing to Dolby Atmos and ...