
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
07/10/2026
Dalet, a leading technology and service provider for media-rich organizations, today announced the latest Long-Term Supported (LTS) release of Dalet Flex. Build...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
15/07/2026
Trinity's Treasures features Ruth Negga, Eleanor McEvoy, and David Norris, a...
15/07/2026
Join geographer Dr Susan Hegarty, Engineer Tim Joyce and Architect Orla Murphy a...
14/07/2026
Plug-ins for heavy music
Avalanche Tones is the brainchild of Ava Toton, a 17-year-old musician and developer who says her goal is to make the lives of gui...
14/07/2026
Launched alongside new Singer Showcase purchase model
IK Multimedia's innovative vocal-synthesis software has just gained its latest voice add-on, the R...
14/07/2026
Registration open until 1 September 2026
The MIDI Association have revealed that the registration deadline for this year's MIDI Innovation Awards has no...
14/07/2026
88-note model completes MK4 range
Novation have just introduced the final model in their flagship MIDI controller keyboard range, the Launchkey MK4 88. Roun...
14/07/2026
Tuesday 14 July 2026
First look revealed for Friday the 13th prequel, Crystal ...
14/07/2026
When immersive audio dominates industry headlines, it's easy to assume that every broadcaster is preparing for an Atmos future. The reality is quite differ...
14/07/2026
Emma and Sophie from ICG's marketing team joined thousands of fellow marketers, brands and agencies at MAD//Fest London 2026, one of the UK's biggest ma...
14/07/2026
Pilot Project Shows How Retailers Are Prepared for the Next Step in the Evolution of Digital Commerce
Arvato Systems Drives Agentic Commerce Forward
G terslo...
14/07/2026
As part of this commitment, weve joined the SME Climate Hub, publicly pledging to:
measure our greenhouse gas emissions
reduce them in line with a net zero p...
13/07/2026
Adds new intelligent Mix Assistant feature
With their product range now featuring numerous processors across two distinct line-ups, the M-Series and T-Serie...
13/07/2026
Plug-ins for heavy music
Avalanche Tones is the brainchild of Ava Toton, a 17-year-old musician and developer who says her goal is to make the lives of gui...
13/07/2026
Popular sustain effect overhauled
Latvia-based innovators Gamechanger Audio have just launched a new and improved version of their popular sustainer unit. B...
13/07/2026
Celebrating Two Decades of ICG and League Football Education This year marks 20 years of working with League Football Education (LFE) the charity responsible ...
13/07/2026
Silver for Arvato Systems at the 2026 Service Provider Award
Award in the AI as a Service Provider category recognizes AI expertise and innovative strength
...
13/07/2026
RT News is pleased to announce the appointment of Joe Mag Raollaigh as the new Managing Editor of Nuacht, the Irish Language News and Current Affairs service a...
12/07/2026
Offers six-channels and built-in effects
Korg's latest release introduces a new analogue mixer that's been designed to act as a hub for live electro...
11/07/2026
Promises a vividness and depth rarely found in software
Switzerland-based Handcrafted Audio's latest creation is an interesting hybrid instrument that...
10/07/2026
Discounted rates available through 27 August 2026
The Audio Engineering Society (AES) have announced that Early Bird registration is now open for the AES Sh...
10/07/2026
New in-ear monitors to launch in August 2026
Sony have announced the upcoming launch of a new pair of in-ear monitors that promise to deliver a secure, stab...
10/07/2026
New RT documentary explores Irish-led efforts to build bridges in divided Cyprus
More than a Game: From D1 to Pyla airs Monday 13 July
More Than a Game: Fro...
09/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
09/07/2026
Limited-edition mic celebrates rock icon
Neumann have partnered with the Bon Scott Estate to create a limited-edition version of the U 47 FET that honours b...
09/07/2026
Handles organisation, updates, troubleshooting & more
Created by pro-audio software developer Julian Worden, Plugin Station from Julian Michael Technologies...
09/07/2026
Introduces new $1 million advance programme
LANDR have just announced the next phase of their Fair Trade AI programme, a pioneering opt-in music-licensing p...
09/07/2026
Four new titles now available
Spitfire Audio have just introduced four new titles in their Originals range, bringing the total count of libraries in the low...
09/07/2026
Years in the making, this intimate documentary draws on rare access to Leah Crouchers family to tell the story behind one of Britains most high-profile missing ...
09/07/2026
Thursday 9 July 2026
Enjoy Gigafast speeds and Ultimate TV pack for less
The latest deals have dropped from Sky TV and Sky Broadband, the award-winning provid...
09/07/2026
Hands up who would like to dress up as a giant crisp packet?
The call that went out across the agency as our anti-litter campaign, Wish you weren't here fo...
08/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
08/07/2026
Turn any audio loop into a playable kit
Pitch Innovations have recently introduced an interesting new tool that's capable of creating playable kits from...
08/07/2026
Adds new keyboard-split function
MonkeyC have recently launched an update that overhauls their powerful software sampler. Described as the sampler that mad...
08/07/2026
Four new delay algorithms & dual-engine functionality
Strymon have just announced that the much-anticipated MX version of their hugely popular delay pedal i...
08/07/2026
Rohde & Schwarz and China Mobile Research Institute jointly demonstrate generati...
08/07/2026
Wuppertal July 8, 2026
Hong Kong Jockey Club Expands Intercom Infrastructure W...
08/07/2026
Film follows the courageous fight for justice by survivors of Ireland's Magdalene Laundries & Mother and Baby Homes
TESTIMONY airs Wednesday 22 July at 9...
07/07/2026
Applications are now open for the Validation Booster, a six-month acceleration programme supporting journalists, media organisations, content creators, media in...
07/07/2026
New mixer aimed squarely at instrument-level sources
Heritage Audio have clearly been busy recently, as alongside their all-new Tubestrip, they've also ...
07/07/2026
New channel strip combines popular hardware designs
The latest arrival to the Heritage Audio line-up brings together a selection of their praised hardware d...
07/07/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
07/07/2026
Reston, Va., July 7, 2026 - SES's wholly-owned subsidiary, SES Space & Defense, won a five-year Blanket Purchase Agreement (BPA) with the U.S. Space Force...
07/07/2026
UKTV commission with BritBox and Sony Pictures Television and inspired by Deborah Cadbury's book, Chocolate Wars
The six-part series is produced by Fable P...
07/07/2026
Tuesday 7 July 2026
Record audiences tune into the ICC Women's T20 World Cup 2026 on Sky Sports
The ICC Women's T20 World Cup 2026 was the most watche...
07/07/2026
Tuesday 7 July 2026
Official trailer released for Fightland, a revenge drama fr...
07/07/2026
Wuppertal July 7, 2026
Riedel and ARRI Bring Cinematic Live Production to the Eurovision Song ContestRiedel Communications and ARRI played a key role in one o...