Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
14/05/2026
New articulations, ostinatos, Motion Scoring Articulation Sets & more
Sonuscore's flagship cinematic string library has just been treated to a significa...
14/05/2026
World-class studio opens on T rkiye's Aegean coast
P r Recording & Residence have announced their official opening, introducing a new world-class reside...
14/05/2026
Now supports channel layouts up to 9.1.6
Nugen Audio have just released an update for their AI-powered dialogue intelligibility and compliance tool. Set to ...
14/05/2026
New recordings & one-key chord tool
UVI have just announced the release of Orchestral Suite 2, a ground-up redesign of their all-in-one symphonic orchestra ...
14/05/2026
Two new arrivals & expanded factory content
Rob Papen's all-encompassing plug-in and virtual instrument collection has just been treated to another upda...
14/05/2026
Embed QR codes into DAW sessions
FSK Audio's latest plug-in doesn't process audio, but serves as an organisational tool that allows QR codes to be e...
14/05/2026
Rohde & Schwarz transforms spectrum complexity into situational awareness and ef...
14/05/2026
Rohde & Schwarz and Quantum Systems join forces to redefine EW and C-UAS-enabled...
14/05/2026
Rohde & Schwarz showcases STANAG aligned ARDRONIS Counter UAS capability at NATO...
14/05/2026
Code of Silence has won the BAFTA for Best Drama Series at Sunday night's ceremony at the Royal Festival Hall.
The series, starring Rose Ayling-Ellis and w...
14/05/2026
Vivid Broadcast was embracing remote production long before it became the industry norm. Now, with Calrec's True Control 2.0-enabled Argo M and Type R conso...
14/05/2026
The high-stakes chase thriller from Oscar- and BAFTA-nominated writer Matt Charm...
14/05/2026
Back From The Brink airs Sunday 17 May and Sunday 24 May at 6.30pm on RT One an...
13/05/2026
Thousands of props donated from Skys longest-running original seriesWednesday 13 May 2026
How a neon windmill from A League of Their Own ended up in a dogs'...
13/05/2026
SAN JOSE, Calif. - May 13, 2026 - Harmonic (NASDAQ: HLIT) today announced that I...
13/05/2026
A definitive portrait of one of Ireland's most influential musicians
New TV documentary airs Monday 18 May on RT One and RT Player at 9.35pm
Watch the...
12/05/2026
Spotify is where fans and artists come together, turning discovery into somethin...
12/05/2026
Features patented Marco-MMC clocking technology
Black Lion Audio's latest release combines the company's expertise in clocking with their renowned p...
12/05/2026
New Track Panel, sequencer upgrades & more
Following their recent public beta release, Reason Studios have announced the full release of Reason 14. With the...
12/05/2026
Rohde & Schwarz presents its advanced solutions for power electronics testing at...
12/05/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, has developed a modified fund raising p...
12/05/2026
FOX Announces Schedule for 2026-27 Season FOX'S POWERFUL NEW SERIES PIPELINE FUELS A BREAKOUT SEASON WITH RETURNING HITS AND BOLD NEW STORYTELLING ACROSS ...
12/05/2026
Customer demand for data continues to grow in the first quarter of 2026 at Magya...
12/05/2026
The latest drama underscores Sky's continued investment in regional production and Welsh creative talent.Tuesday 12 May 2026
Wales takes the spotlight in S...
11/05/2026
As Eurovision fans gear up to celebrate the 70th anniversary of the iconic song ...
11/05/2026
Pela primeira vez na hist ria, o Brasil figura entre os oito maiores mercados de...
11/05/2026
New desktop instrument focused on tactile performance
Bastl Instruments have announced the Kalimba, a new desktop instrument that combines physical modellin...
11/05/2026
Compact sampling workstation gains new features
1010music have announced the blackbox 2, a new version of their compact standalone sampler designed for DAWl...
11/05/2026
Performance-focused sequencer with microtonal control
Berlin-based KOMA Elektronik have announced Monoplex, a new 42HP Eurorack sequencer designed for hands...
11/05/2026
Boasts wireless control from mobile devices
The latest iteration of IK Multimedia's compact amp and effects modelling pedal expands on the capabilities ...
11/05/2026
Spans traditional orchestral and experimental sounds
Sonora Cinematic have recently released the third instalment in their Transfigured Orchestra series, de...
11/05/2026
Our exhibition coverage
Watch all our SUPERBOOTH 2026 video coverage in one place. Check back to this page regularly as we will be updating with more video ...
11/05/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, is participating in the Equity Forum Ge...
11/05/2026
Bounteous Acquires Cartesian to Accelerate Enterprise AI
May 11, 2026
Business Assurance
News
Acquisition enhances deep data and analytics capabil...
11/05/2026
11 May 2026
VEON Shareholders Re-elect Board and Chairman, Reaffirming Confiden...
11/05/2026
Fox Corporation Reports Third Quarter Fiscal 2026 Financial Results NEW YORK, NY, May 11, 2026 - Fox Corporation (Nasdaq: FOXA, FOX; FOX or the Company ) t...
11/05/2026
Arvato Systems Becomes a Member of InsurLab Germany
Collaboration in the insurance industrys leading innovation network
G tersloh - Arvato Systems has joine...
11/05/2026
Pirate Predator uncovers new information from victims and survivors of abuse on ...
10/05/2026
RT ALL-IRELAND DRAMA FESTIVAL WINNERS ANNOUNCED DURING GALA AWARDS STREAMED LIVE ON RTE.IE/CULTURE
Kilmeen Drama Group hailing from Rossmore, Co. Cork Scoops ...
09/05/2026
New desktop instrument focused on tactile performance
Bastl Instruments have announced Kalimba, a new desktop instrument that combines physical modelling, F...
09/05/2026
Compact sampling workstation gains new features
1010music have announced blackbox 2, a new version of their compact standalone sampler designed for DAWless ...
08/05/2026
One-button synth generates random four-track ideas
Cyma Forma and French artist Bambounou have announced RND synth, a compact hardware synthesizer built aro...
08/05/2026
Portable four-layer granular and sampling instrument
Tasty Chips have announced the GR-2, a new granular synthesizer and sampling instrument that combines e...
08/05/2026
Video Show Report
Video of SUPERBOOTH 26: Polyend Drums
Polyends big announcement for Superbooth 2026 is the Drums, a new drum machine that features both ...
08/05/2026
Deal agreed as NI enters new chapter
Native Instruments CEO Nick Williams has announced that a definitive agreement has been signed for the company to be ac...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
