Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
05/06/2026
Built from the same recordings as flagship library
Sonuscore's LUX Orchestral Strings has been met with widespread praise since its launch in late 2025,...
05/06/2026
High-end converter, interface & headphone amp upgraded
Said to represent the next evolution of RME's all-in-one reference converter concept, the all-new...
05/06/2026
Win a Soundgas Type 636P & Type G preamps
Soundgas, one of the UK's leading vintage and boutique audio equipment specialists have just announced the lau...
05/06/2026
New leadership of Technology Systems Division at Rohde & Schwarz On July 1, 2026, Hansj rg Herrbold and Andreas H gele will take over as Executive Vice Presid...
05/06/2026
Hitachi and Intel announced a strategic collaboration to explore opportunities t...
05/06/2026
05 Jun 2026
VEON's Kyivstar to Expand Digital Mobility Ecosystem with Acqui...
05/06/2026
RT Radio 1 Folk Awards to take place on Tuesday 10th November 2026, Vicar Street, Dublin
Moya Brennan, D nal Lunny, Mary Black and Christy Moore among previou...
04/06/2026
Steinberg DAWs now boast in-depth Tonalic integration
Celemony's innovative virtual session musician plug-in has just received an update that brings ARA...
04/06/2026
Get Hands-On With Over 20 Mic Brands
GearExpo UK is fast approaching, and if you've been looking for a chance to check out some new mics, then you'r...
04/06/2026
Combos feature new Amplifier Intelligence engine
Positive Grid's latest release sees the company introduce two new combo amplifiers that promise to offe...
04/06/2026
BackStory follows four Irish young people as they travel back to their parents' homelands
Modern Irish identity is enriched by cultures and influences from...
03/06/2026
Step sequencer-style panning tool revealed
Alongside their flagship self-titled sound-design platform, Sound Particles offer an array of creative effects an...
03/06/2026
Now features full H90 algorithm library
Eventide have announced the upcoming launch of the H9 Harmonizer Gen 2, a new and improved version of their hugely p...
03/06/2026
Significant discount available until 1 October 2026
Aim Audio have just announced a promotion that sees a significant discount applied to their Essence micr...
03/06/2026
Rohde & Schwarz to supply CERTIUM advanced communications system to Memmingen Ai...
03/06/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
03/06/2026
RT confirms multi-channel and free to air coverage of the expanded tournament with enhanced digital features and the return of Total Football for young fans
S...
03/06/2026
03 Jun 2026
VEON to Release 2Q26 Earnings on July 31, 2026 Dubai and New York, June 3, 2026 - VEON Ltd. (Nasdaq: VEON), a global digital operator ( VEON or t...
03/06/2026
RT has today announced Heineken 0.0 as the broadcast sponsor of their FIFA World Cup 2026 coverage.
The sponsorship, brokered by Dentsu, will see Heineken 0....
02/06/2026
Musically intelligent soft synth gets upgraded
Scaler Music will be probably be best known to many for their music theory tools, but their product range al...
02/06/2026
Powerful new vocal-production tool announced
Described as a vocal performance station , Klevgrand's latest plug-in combines pitch-correction with harmo...
02/06/2026
Launched alongside Go Green sale extension
McDSP have just released the latest addition to their APB line-up, DC-2 Dual Compressor, and have also announced ...
02/06/2026
Create custom tools for Ableton Live 12 Suite
Ableton have just introduced a new open JavaScript toolkit that allows anyone to create their own custom tools...
02/06/2026
Now features full H90 algorithm library
Eventide have announced the upcoming launch of the H9 Harmonizer Gen 2, a new and improved version of their hugely p...
02/06/2026
Plus UAD Half Yearly Sale now live
The latest arrival to the Universal Audio range delivers a new native pitch-correction plug-in that's capable of deli...
02/06/2026
Rohde & Schwarz to present comprehensive performance, conformance and spectrum-m...
02/06/2026
BTL Laboratory becomes Taiwan's first test house with a CTIA Certification c...
02/06/2026
If you've kept up with this article series, you know by now where to start w...
02/06/2026
With new DSP configurations and flexible licensing options, Calrec is removing the barriers to virtualised audio, giving broadcasters the freedom to scale produ...
02/06/2026
02 Jun 2026
VEON Closes USD 1.4 Billion Bond Offering, Refinancing 2027 Notes A...
02/06/2026
Praise for series three:
The Times - sun-dappled pleasure
The Daily Mail - The Homes Counties' Charlie's Angels
The Sun - 4* this [is an] enjoya...
02/06/2026
Wuppertal June 2, 2026
Gudrun Scharler Appointed CEO of Riedel Networks The Riedel Group today announced the appointment of Gudrun Scharler as CEO of Riedel N...
02/06/2026
Trust has become a commercial issue With global advertising spend forecast to exceed US$1 trillion this year*, the commercial consequences of weak governance co...
02/06/2026
June sees Ireland's cultural calendar in full bloom, as RT Supporting the Arts showcases a vibrant and wide-ranging programme spanning music, theatre, visu...
02/06/2026
After The Traitors Ireland launched in 2025, Irish audiences proved to have a taste for the global hit reality show. This Bank Holiday Monday fans can indulge e...
01/06/2026
Category line-up & sponsors announced
Photo: Paul Clarke
The Production Music Awards (PMA) have announced that submissions are now officially open ahead of...
01/06/2026
New hybrid sample/synthesis instrument revealed
Excite Audio have just released the latest instalment in their Evolve series, which has been developed in co...
01/06/2026
Latest TONEX expansion captures three rare vintage amps
The newest addition to IK Multimedia's ever-growing TONEX line-up introduces a set of three incr...
01/06/2026
Musically intelligent soft synth gets upgraded
Scaler Music will be probably be best known to many for their music theory tools, but their product range al...
01/06/2026
Rohde & Schwarz Satellite Industry Days 2026 guided by the motto From Earth to ...
01/06/2026
Luxembourg, June 1, 2026 - SES, a leading space solutions company, and Viva, Mexico's ultra low-cost airline, launched fast and reliable multi-orbit satelli...
01/06/2026
Mardi 2 juin 14h00
FilmLight (ARRI), 10 rue Ren Boulanger, 75010 Paris
Rejoignez-nous pour d couvrir comment FLAPI (l'API FilmLight) peut transformer e...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
29/05/2026
The days are getting longer, the temperatures are rising, and playlists are filling up for the season. With summer around the corner, Spotify's global edito...
29/05/2026
New retro-inspired MPC announced
There are few devices that have gained the status held by Akai Pro's MPC range, and in recent years, the company have s...
29/05/2026
Save up to 30 on acclaimed titles
Following a successful launch at Superbooth 2026, Bjooks have revealed that they will be continuing the Kickstarter campa...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
