Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
27/11/2025
27 Nov 2025
GSMA brings M360 Eurasia 2026 to Samarkand in partnership with VEON...
27/11/2025
Tahar Rahim and Izuka Hoyle star in the gripping six-part Sky Original from Acad...
27/11/2025
Thursday 27 November 2025
Sky Arts Reveals the Nation's Greatest Basslines - and Queen Reign Supreme
The UK's most iconic basslines have been revealed...
27/11/2025
Rating reflects rating progress across areas including policies, diversity & inclusion, health & safety and Net Zero leadership
Winchester, UK, 27 November 202...
27/11/2025
What are the industry standards for Retail Media? Kathryn explains that certification is based on the IAB Europe Retail Media Measurement Standards and the IAB ...
27/11/2025
World champion boxer and Irish sporting icon Katie Taylor will be in studio this...
27/11/2025
Roblox, one of the world's most popular online gaming platforms for primary ...
26/11/2025
Book podcasts are booming. On Spotify, you'll find everything from celebrity book clubs to deep dives with bestselling authors. And in markets where audiobo...
26/11/2025
YouView Achieves Greenly Gold Certification for SustainabilityNov 26, 2025
YouView is proud to announce a Gold Certification award from Greenly for our perform...
25/11/2025
Tracy Bonareri Onchoke, an investigative journalist from Kenya is the winner of the Thomson Foundation's Young Journalist Award 2025.
The 26-year-old-sele...
25/11/2025
The best playlists, podcasts, and audiobooks bring a little extra magic to your daily routine. With new features and offerings, Spotify Premium delivers even mo...
25/11/2025
Comprehensive new research confirms what we already knew: Australian music fans love the quality, quantity, and access they have to new and local music on strea...
25/11/2025
Applicable Products
Objectives The purpose of this application note is to give a brief background on 5G (NR) wireless communication an explain the reason a SN...
25/11/2025
25 Nov 2025
VEON's QazCode and MeetKai Sign Agreement to Power National LLM...
25/11/2025
UKTV has acquired a high-profile slate of US dramas from Paramount Global Conten...
25/11/2025
A symphony of genius, rivalry and vengeance, boldly reimagined from Peter Shaffe...
25/11/2025
Article courtesy of Cinematography World
Read the article
FilmLight has finalised the prestigious 2025 FilmLight Colour Awards jury and welcomed award-winning...
25/11/2025
Article courtesy of Prensario
Read the article
La serie fue dirigida por Juli n de Tavira, Rodrigo Santos, y David Leche Ruiz, con direcci n de fotograf a a...
25/11/2025
Article courtesy of The Hollywood Reporter
Read the article
The awards, celebr...
25/11/2025
Article courtesy of Televisual
Read the article
Already live in Los Angeles and rolling out in New York and London, Nara gives producers, colourists, conform ...
25/11/2025
Article courtesy of Digital Media World
Read the article
ARTONE post-house in Tokyo is the first facility in Japan to integrate Baselight M, choosing its prec...
25/11/2025
Article courtesy of The Hollywood Reporter
Read the article
Once hidden in post-production suites, the artists who make movies and TV shows look the way they ...
25/11/2025
Article courtesy of Deadline
Read the article
The Brutalist' & Bad Bunny's Nuevayol' Music Video Among 2025 FilmLight Colour Award Winners - Cam...
24/11/2025
Robyn made her long-awaited return to the stage this week, as Spotify and Acne Studios brought friends and top fans together for an unforgettable evening at the...
24/11/2025
After more than two years of redevelopment, FC Barcelona returned to its spiritual home on November 22, hosting Athletic Club in the first La Liga match at the ...
24/11/2025
24 Nov 2025
Kyivstar Launches Starlink Direct to Cell Satellite Connectivity in Ukraine Today's Launch Makes Ukraine the First Country in Europe Where Star...
24/11/2025
Ahead of the new ninth series of Dancing with the Stars, kicking off in January 2026, RT and Shinawil have announced the arrival of three new faces to the hit ...
21/11/2025
Fans have been counting down the days until the final theatrical chapter of Wicked is revealed. To celebrate the highly anticipated release of Wicked: For Good ...
21/11/2025
Last week, Spotify turned up the volume in Seoul with the return of Spotify Hous...
21/11/2025
Wiesbaden, November 21, 2025. The SGL Carbon site in Meitingen has reason to celebrate as one of its trainees received a special award. Elias Stemmer was honore...
21/11/2025
Sky Media's £2m award-winning sustainability initiative crowns its first charity as this year's standout changemakerFriday 21 November 2025
GoodGym nam...
21/11/2025
As COP30 draws to a close, the International Electrotechnical Commission (IEC), ...
20/11/2025
Your playlists are personal. They're the soundtracks to your road trips, your quiet mornings, and your biggest celebrations; collections of memories and dis...
20/11/2025
Spotify, uzun s redir zerine al t T rk m zik k lt r n n ikon haline gelmi ...
20/11/2025
For the first time, Spotify has teamed up with The Hollywood Reporter to cohost ...
20/11/2025
This year's ARIA Awards marked a turning point for Australian music, and Spotify was right at the heart of it. For the first time in the awards' nearly ...
20/11/2025
15 March 2012
SHARE Facebook Twitter Linkedin Email
Cinegy and Vericom are pleased to announce the recent deployment of Cinegy Archive for production and as...
20/11/2025
6 September 2012
SHARE Facebook Twitter Linkedin Email
FIC Turkey supplies media content to Pay TV under Fox TV Channel brands in Turkey.
At the start of s...
20/11/2025
25 June 2014
SHARE Facebook Twitter Linkedin Email
Last month VIVA finalized its Cinegy installation in order to produce and broadcast the World Cup Brazil ...
20/11/2025
1 October 2014
SHARE Facebook Twitter Linkedin Email
With 5 locations spread out around Baden-W rttemberg, Schw bisch Media required a scalable end to end s...
20/11/2025
27 April 2015
SHARE Facebook Twitter Linkedin Email
Cinegy, which develops and produces media asset management products that are used in flagship production...
20/11/2025
12 August 2015
SHARE Facebook Twitter Linkedin Email
Munich, Germany, 26 October 2015 - Cinegy, which develops and produces software technology for digital ...
20/11/2025
5 November 2015
SHARE Facebook Twitter Linkedin Email
Munich, Germany 3 November 2015 - Cinegy, which develops and produces software technology for digital ...
20/11/2025
12 February 2016
SHARE Facebook Twitter Linkedin Email
Munich, Germany 9 February 2016 - Cinegy, which develops and produces software technology for digital...
20/11/2025
22 June 2016
SHARE Facebook Twitter Linkedin Email
Munich, Germany 21 June 2016 - Cinegy today announced that ABS BROADCAST, one of the largest independentl...
20/11/2025
10 January 2017
SHARE Facebook Twitter Linkedin Email
Find us on page 12 of the Program Guide 2016
Tags
NewBay Media Awards , Program Guide 2016 , broadc...
20/11/2025
15 March 2017
SHARE Facebook Twitter Linkedin Email
Munich, Germany 15 March 2017 - Cinegy today announced that Thailand's Next Step direct-to-home Free...
20/11/2025
12 December 2017
SHARE Facebook Twitter Linkedin Email
Munich, Germany 13 December 2017 - Cinegy today announced that it is making its Cinegy Air Cloud Pack...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
