Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years
Cambridge, MA | October 21, 2020
Akamai (NASDAQ: AKAM) the intelligent edge platform for security and delivering digital experiences, today published the State of the Internet / Security report: Loyalty for Sale - Retail and Hospitality Fraud. The report details criminal activity targeting the retail, travel, and hospitality sectors with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.
Criminals are not picky -- anything that can be accessed can be used in some way, said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold, and traded or even compiled for extensive profiles that can later be used for crimes such as identity theft.
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between July 2018 and June 2020, Akamai observed more than 100 billion credential stuffing attacks in total. In the commerce category - comprising the retail, travel, and hospitality industries - there were 63,828,642,449 recorded. More than 90% of the attacks in the commerce category targeted the retail industry.
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (SQLi) and Local File Inclusion (LFI) attacks. Between July 2018 and June 2020, Akamai observed 4,375,711,860 web attacks against retail, travel, and hospitality, accounting for 41% of the overall attack volume across all industries. Within this data set, 83% of those web attacks targeted the retail sector alone. SQLi attacks are an evident favorite among criminals, accounting for just under 79% of the total web application attacks against retail, travel, and hospitality.
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker, Ragan concluded. Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on Thursday, October 22 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
21/01/2026
RT News is pleased to announce the appointment of Jackie Fox as its new Washington Correspondent. Jackie is a multimedia journalist with RT News and has repor...
19/01/2026
Monday 19 January 2026
Sky News reinvents News at Ten for the modern audience with The Wrap
Sky News today announces The Wrap, a bold evolution of its 10pm ou...
19/01/2026
DPA Microphones is striking a new chord in piano miking with the debut of its DPK2015 Piano Stereo Kit, an out-of-the-box, plug-and-play miking solution that ta...
19/01/2026
DPA Microphones will present its 4099 CORE Instrument Microphone and redesigned...
19/01/2026
Trianel relies on Arvato Systems for future-proof data center operations
Moving to the cloud: Arvato Systems implements extensive IT migration project
Migrat...
19/01/2026
Celebrating 21 Years of the RT Choice Music Prize
RT Choice Music Prize
In association with IMRO and IRMA
Irish Album of the Year 2025 - Shortlist Announce...
18/01/2026
January 18 2026, 21:30 (PST) Dolby Cinema Arrives in Bengaluru: Dolby Laborator...
16/01/2026
The start of a new year brings fresh possibilities. Whether you're diving in with big goals or simply setting new intentions, audiobooks can bring inspirati...
16/01/2026
In 2025 we launched the Spotify Partner Program to give creators more ways to tu...
15/01/2026
The SGL Carbon site in Bonn has a long tradition of training. For many years, young talent has been successfully trained here, regularly achieving excellent exa...
15/01/2026
The JEC Composites Innovation Awards annually honor the most innovative and ambi...
15/01/2026
X-energy Reactor Company, LLC ( X-energy ) and SGL Carbon LLC ( SGL ) have signed a 10-year framework agreement to provide graphite for the deployment of X-ener...
15/01/2026
RT is tonight announcing that Mari Hurley has decided to leave her role as RT 's Chief Financial Officer to take up a new position outside RT . Mari will r...
15/01/2026
15 Jan 2026
VEON's Kyivstar Reaches 3.0 million Customers with Starlink Dir...
15/01/2026
Views to free streaming service U grew by 15%, average monthly active users by 23% and registrations by 18%
UKTV's channels achieved record viewing share, ...
15/01/2026
Thursday 15 January 2026
Sky Sports to show Final Stage of inaugural FIFA Women's Champions Cup
Sky and FIFA have agreed an exclusive new partnership whi...
15/01/2026
Thursday 15 January 2026
The official trailer for the second season of Seth Mac...
15/01/2026
Wuppertal January 15, 2026
Riedel RefCam Takes Center Court in German Basketba...
15/01/2026
Arvato Systems Named Launch Partner for AWS European Sovereign Cloud
As a launch partner for the AWS European Sovereign Cloud, Arvato Systems enables customer...
14/01/2026
Staines-upon-Thames, UK, 13th January, 2026 ITV, one of the UKs leading broadcasters, has selected Yospace, the global leader in Dynamic Ad Insertion (DAI), to ...
14/01/2026
Steiger Media's adoption of Calrec's compact Argo M console not only makes its innovative new hybrid truck faster, more efficient, and agile, but also e...
14/01/2026
Press Release: The Boston Globe Names Cartesian a Top Place to Work in 2025
January 14, 2026
News
Cartesian - January 14, 2026 - EINPresswire.com - Sp...
14/01/2026
Comscore and Marcus Theatres Announce Five-Year Extension for Cinema ACE and Ent...
14/01/2026
Comscore and Santikos Entertainment Announce Five-Year Circuit Wide Commitment t...
14/01/2026
Wednesday 14 January 2026
Sky News announces Cathy Newman to lead flagship new political programme
Sky News today announces that award-winning journalist and ...
14/01/2026
The first stamp of An Post's 2026 Stamp Programme, marking 100 Years of Broadcasting, was unveiled at the GPO by Patrick O'Donovan TD, Minister for Cult...
14/01/2026
It's official! Beverley Callard has landed in Carrigstown. The beloved actor, known for her unforgettable roles and iconic screen presence, is joining the c...
13/01/2026
Independent media in Brazil and Colombia is facing an urgent crisis of traditional business models alongside a deteriorating security environment, according to ...
13/01/2026
Luxembourg, December 17, 2025 - SES S.A. ( SES or the Company ), a leading spa...
13/01/2026
Written and executive produced by Steve Lightfoot and Angela LaManna, produced b...
13/01/2026
New updates to Hitmaker Expansion from Celemony and Softube Edit pitch-perfect vocals with Melodyne Essential and get radio-ready guitar tones from Softube�...
13/01/2026
Live broadcasts from RT 2FM Breakfast with Carl, Roz & Aisling, RT Radio 1 Tod...
12/01/2026
Spotify's new co-CEOs, Alex Norstr m and Gustav S derstr m, start off the new year with a message of renewed leadership, creative responsibility, and what&#...
12/01/2026
At Spotify, we listen to a lot of music. And every year, our global editors and artist partnerships teams come together to spotlight the emerging voices we beli...
12/01/2026
Spotify's global editors and Songwriter & Publisher Partnerships team spend their days immersed in new music, tracking the writers behind the songs breaking...
12/01/2026
Rohde & Schwarz opens larger office in Japan and increases its support for the J...
12/01/2026
X-Rite and Rhopoint Launch Rhopoint PANTORA Aesthetix to Streamline Creation of...
12/01/2026
12 Jan 2026
VEON's Kyivstar Launches 5G Pilot in Lviv Lviv, January 12, 2026 - VEON, a global digital operator (Nasdaq: VEON), today announces that Kyivsta...
12/01/2026
Monday 12 January 2026
The ultimate betrayal: Harry and Jamie Redknapp, Paul Me...
12/01/2026
Rohde & Schwarz opens larger office in Japan to increase its support for the Jap...
12/01/2026
Welcome to the AVECO team: introducing new members of management
At AVECO, we are continuing to implement our #newAVECO strategy, which aims to build an even s...
12/01/2026
For the first time in the nine-year history of Dancing with the Stars, the first...
10/01/2026
This year, podcasts are making their Golden Globes debut with a new category honoring the medium's leading shows and creators. To mark the occasion, Spotify...
09/01/2026
RT Player has 157 million streams, up 10% year-on-year
An increase on 2024, RT...
09/01/2026
RT 2FM has today announced the highly anticipated list of 2FM Rising Artists for 2026, kicking off 2FM Rising week for the eighth year on The Tracy Clifford Sh...
Akamai Security Research: Loyalty Programs Continue to be Targeted by Criminals as Account Data is Easily Sold or Traded Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years 
