Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
09/11/2025
Dalet today announced a transformative leap forward for media operations: Agentic Artificial Intelligence (AI) that unifies the Dalet ecosystem under one natura...
06/10/2025
France T l visions, France's leading broadcaster, has received the 2025 EBU ...
17/09/2025
It was the ultimate convergence of pop culture and literary prestige: Last night, Dua Lipa brought her Service95 Book Club podcast to the stage for a special li...
17/09/2025
Transatlantic collaboration combines experience and agility to drive innovation in network design and delivery
Luxembourg, September 16, 2025 - SES, a leading ...
17/09/2025
Wednesday 17 September 2025
UK artists capture icons of stage and screen, inclu...
17/09/2025
For the Moon Safari anniversary tour, AIR opened the doors to their backstage. Just a few hours before the Paris concert, DPA met with two key figures of the te...
17/09/2025
Auditions will be held in Dublin, Cork and Galway
The County Parade returns f...
16/09/2025
Hace una d cada, la m sica latina representaba apenas el 8% de las reproducciones globales en Spotify. Hoy, constituye m s de una cuarta parte (27%) de toda la ...
16/09/2025
A decade ago, Latin music made up just 8% of global Spotify streams. Today, it a...
16/09/2025
Spotify is expanding our video lineup with a new partnership with Zoo 55, part of ITV Studios. For the first time, acclaimed content from ITV Studios is landing...
16/09/2025
Calrec has strengthened its collaboration with audio metering expert RTW by integrating RTW's new TMxCore metering platform across its full range of Argo IP...
16/09/2025
Leading space solutions company will use optical ground stations to deliver faster, more secure data from space
Luxembourg, September 15, 2025 - SES, a leading...
16/09/2025
Comscore Unveils The Scoreboard: An Interactive Destination Surfacing Consumer B...
15/09/2025
Global K-Pop sensation aespa is redefining what it means to be rich with the r...
15/09/2025
Every day, millions of people around the world turn to Spotify to enjoy the audi...
15/09/2025
After months of intensive planning and implementation, Brembo SGL Carbon Ceramic...
15/09/2025
Unique sports content orchestration platform builds momentum among SES's cus...
15/09/2025
-- Opens door to growth in renewable energy New Delhi, India - 15th September -- Global business and industry leaders from around the world are joining technol...
13/09/2025
Harmonic's Software-Based XOS Advanced Media Processor Provides Unparalleled Efficiency and Unlocks New Business Models SAN JOSE, Calif. - Sept. 13, 2025 -...
12/09/2025
For fans, we know how important it is to stay plugged into music culture and dis...
12/09/2025
Link ping, Sweden and Shipley, United Kingdom, September 12, 2025 - Agama, the expert in video observability and analytics for service quality and customer expe...
12/09/2025
Feature-length retrospective from Studio Crook to air in 2026
Sir David Jason returns to the nation's favourite comedy channel, U&GOLD, for Open All Hours:...
12/09/2025
Friday 12 September 2025
The Boomtown Rats, Nyah Grace, Soweto Kinch, Royal Ballet and Madness also announced to perform at the ceremony on Tuesday
Sky today ...
12/09/2025
Wuppertal September 12, 2025
Riedel Unveils Ultra-Light Bolero Mini Wireless Intercom BeltpackAt IBC2025 in Amsterdam, Riedel Communications unveiled Bolero M...
12/09/2025
Wuppertal September 12, 2025
Riedel Communications Acquires hi human interfaceRiedel Communications today announced the acquisition of hi human interface fro...
12/09/2025
CORE+ virtually removes distortion, setting a new standard for church sound and giving worship teams the clarity and confidence they need.
Read the full artic...
12/09/2025
The Late Late Show is back with a bang after the summer break, and Patrick Kielt...
12/09/2025
The World Athletics Championships, Ireland v France in the Women's Rugby World Cup quarter-final, the Irish Champions Festival, and two Sports Direct Men�...
12/09/2025
The Records Show starts Sunday at 6.30pm on RT One and RT Player.
Katie Hanno...
11/09/2025
RADAR, Spotify's program for emerging talent, recently hit a major milestone...
11/09/2025
Link ping, Sweden, September 11, 2025 - Agama, the expert in video observability & analytics for service quality and customer experience, announced today the la...
11/09/2025
Under the USD 89.6 Million award, SES Space & Defense will provide global commer...
11/09/2025
Leading Balkan DTH provider adds capacity to consolidate its m:Sat TV platform at 23.5 degrees East and serve more customers across the region
Luxembourg, 11 S...
11/09/2025
UKTV's free streaming service U launches on Sky Q
Free streaming service U has launched on Sky Q in the UK, UKTV and Sky confirm today, expanding the footp...
11/09/2025
From the discreet 2061 lavaliers to 4099 and 4011 mics, the setup delivered clean, natural sound in one of the most challenging broadcast environments.
Read th...
11/09/2025
From rugged build quality to natural, detailed sound, the verdict is clear: big performance can come in a very small package.
Read the full review here!...
11/09/2025
Tonight on Prime Time
RT One and RT Player at 9:35pm
Tonight RT Prime Time...
11/09/2025
RT Statement: 2026 Eurovision Song Contest
At the General Assembly of the European Broadcasting Union (EBU) in July, a number of EBU members raised concerns ...
10/09/2025
Lossless on Spotify Premium is here.
Lossless audio has been one of the most a...
10/09/2025
The Television Will Be Revolutionised Sep 10, 2025
Written by Sunit Kotecha, Director of Delivery and Operations, YouView
2025 marks a century since the f...
10/09/2025
First of Spains F110 frigates get future-ready with Rohde & Schwarz communicatio...
10/09/2025
Harmonic's cOS Platform Supports DOCSIS and Fiber, Enabling Midco to Deliver Reliable Multi-Gigabit Connectivity to Subscribers SAN JOSE, Calif. - Sept. 10,...
10/09/2025
RT brings three days of live radio, live entertainment, live news, live weather, personal appearances, and more
Join RT Radio 1: Morning Ireland, The Oliver ...
09/09/2025
Since 2020, Spotify's RADAR program has been a launchpad for emerging talent...
09/09/2025
In 2020, Spotify launched RADAR with a clear mission: to identify, nurture, and ...
09/09/2025
If you're on BookTok, you know the drill. You scroll, you tap, and suddenly your To Be Read list is overflowing with trending must-reads. Not unlike Spoti...
09/09/2025
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
09/09/2025
Harmonic's VOS360 Ad SaaS Enables Personalized Ad Delivery and Seamless Integration with the Ad Tech Ecosystem SAN JOSE, Calif. - Sept. 9, 2025 - Harmonic ...
09/09/2025
St. Luke's Episcopal Church in New Jersey needed audio that truly connects and they found the answer.
Read the full case study here!...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
