
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
08/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
08/07/2026
Turn any audio loop into a playable kit
Pitch Innovations have recently introduced an interesting new tool that's capable of creating playable kits from...
08/07/2026
Adds new keyboard-split function
MonkeyC have recently launched an update that overhauls their powerful software sampler. Described as the sampler that mad...
08/07/2026
Four new delay algorithms & dual-engine functionality
Strymon have just announced that the much-anticipated MX version of their hugely popular delay pedal i...
08/07/2026
Rohde & Schwarz and China Mobile Research Institute jointly demonstrate generati...
08/07/2026
Film follows the courageous fight for justice by survivors of Ireland's Magdalene Laundries & Mother and Baby Homes
TESTIMONY airs Wednesday 22 July at 9...
07/07/2026
Applications are now open for the Validation Booster, a six-month acceleration programme supporting journalists, media organisations, content creators, media in...
07/07/2026
New mixer aimed squarely at instrument-level sources
Heritage Audio have clearly been busy recently, as alongside their all-new Tubestrip, they've also ...
07/07/2026
New channel strip combines popular hardware designs
The latest arrival to the Heritage Audio line-up brings together a selection of their praised hardware d...
07/07/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
07/07/2026
UKTV commission with BritBox and Sony Pictures Television and inspired by Deborah Cadbury's book, Chocolate Wars
The six-part series is produced by Fable P...
07/07/2026
Tuesday 7 July 2026
Record audiences tune into the ICC Women's T20 World Cup 2026 on Sky Sports
The ICC Women's T20 World Cup 2026 was the most watche...
07/07/2026
Tuesday 7 July 2026
Official trailer released for Fightland, a revenge drama fr...
07/07/2026
Wuppertal July 7, 2026
Riedel and ARRI Bring Cinematic Live Production to the Eurovision Song ContestRiedel Communications and ARRI played a key role in one o...
07/07/2026
To Whom It Concerns RT today confirmed that Patrick Kielty is to extend his contract as host of The Late Late Show.
Last season, the world's longest-runn...
06/07/2026
Bundle gains 100 new synths & more
Synth Anthology 5 the largest and most feature-packed edition of UVI's hardware synth emulation bundle, bringing toge...
06/07/2026
Available now via free firmware update
MOTU have just announced that three of their popular audio interfaces now boast official Milan Certification. The 16A...
06/07/2026
Rohde & Schwarz completes Hunter Preliminary Design Review for the Integrated Co...
06/07/2026
The R&S IMAGER from Rohde & Schwarz uses millimeter wave imaging to inspect the ...
06/07/2026
Monday 6 July 2026
Sky Kids unveils new slate for 2026 including Paris Hilton...
06/07/2026
Monday 6 July 2026
Sky agrees to acquire ITV Media & Entertainment, creating a ...
06/07/2026
Fresh from his World Cup heroics with Cabo Verde, Roberto Pico' Lopes will join the RT panel for Argentina v Egypt tomorrow and for the England v Norway q...
06/07/2026
A death can be unsuspicious, but it has to be explained
What happened to Ke...
05/07/2026
Browser-based and desktop apps available
Digital Sunset Studios have been busy working on an interesting project: a free software tool that provides compute...
04/07/2026
Celebrates company's 80th anniversary
Rhodes have recently revealed that they will be producing a limited run of electric pianos in celebration of their...
04/07/2026
** MEDIA ALERT **
BLEACH: THOUSAND-YEAR BLOOD WAR THE CALAMITY Continues I...
04/07/2026
** MEDIA ALERT **
VIZ Media Unveils New Anime Slate at Anime Expo 2026 with ...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
03/07/2026
New bundle & three Single Packs
Continuing to expand their already sizeable orchestral collection, VSL's latest release introduces three new Single Pack...
03/07/2026
Venue installs new ATC-equipped control room
LSO St Luke's, a unique music venue that also serves as the home of the London Symphony Orchestra, have rec...
03/07/2026
1 February 2023
SHARE Facebook Twitter Linkedin Email
Munich, Germany, 1st February 2023: Cinegy GmbH, the premier provider of software technology for digit...
03/07/2026
** MEDIA ALERT **
VIZ Media Celebrates Anime Expo 2026 with BLACK TORCH Worl...
02/07/2026
Stammering, stuttering, strangulated tones
The Crow Hill Company's latest creation promises to be the most original sound set they've produced to d...
02/07/2026
A new era in unmixing and spectral editing
The latest version of Steinberg's spectral audio-editing software has just arrived, building on the strength...
02/07/2026
Aims to simplify additive synthesis
Sine Machine is the debut launch from Melatonin, a Vienna-based developer who have spent the past six years creating wha...
02/07/2026
Products to remain fully active & supported
Following the news of Native Instruments joining the inMusic brand line-up, Academy and Emmy Award-winning visua...
02/07/2026
What you missed!
Last weekend, Saturday 27 June 2026, saw the debut of Sound On Sounds new GearExpo UK event, the largest dedicated pro-audio event to take ...
02/07/2026
Thursday 2 July 2026
Tea with Judi Dench returns to Sky Arts with legendary guest, Sir Ian McKellen
Sky today confirms Tea with Judi Dench will return this su...
01/07/2026
New AI Assistant, Multi-channel Audio, ARA2 improvements & more
Tracktion's DAW software has just received its latest major update, gaining a selection ...
01/07/2026
Stammering, stuttering, strangulated tones
The Crow Hill Company's latest creation promises to be the most original sound set they've produced to d...
01/07/2026
Exclusive run of limited-edition modelling pedals
Sweetwater and Andertons M...
01/07/2026
Matt started engineering and mixing in studios. Twelve years later, a good friend, front of house engineer Shane Haase, took him out on tour as system engineer ...
01/07/2026
Our SD10T was an absolutely rock-solid, stable console and the Quantum 338T has been the perfect upgrade, Hurley says. Having multiple screens is a big advant...
01/07/2026
LEXINGTON, Kentucky - July 2026 -Tyler Childers' seventh and latest studio record, Snipe Hunter, is an adventurously sprawling collection of tunes that span...
01/07/2026
** MEDIA ALERT **
BLEACH Comes to Life in Los Angeles with First-of-Its-Kind...