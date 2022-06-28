GRA Takes Part In International Initiative To Address Rising Threat Of Credential Stuffing Cyber Risk

The Gibraltar Regulatory Authority and several international data protection and privacy regulators have released guidance on “credential stuffing attacks”, to combat a significant and growing global cyber threat to personal information.

A statement from the GRA follows below:

A credential stuffing attack is a cyber-attack method that exploits an individual’s tendency to use the same credentials (e.g., username/ email address and password combination) across multiple online accounts. These attacks are automated and often large scale, using stolen, legitimate credentials obtained from unrelated data breaches to access user accounts across other online sites.

Data protection authorities from Canada, Gibraltar, Jersey, Switzerland, Turkey and the United Kingdom worked together under the umbrella of the Global Privacy Assembly’s International Enforcement Cooperation Working Group to develop the guidance to help individuals and commercial organisations identify this malicious behaviour, prevent and protect against it.

As part of the group’s research and efforts on the topic, a survey was conducted to establish the visibility of credential stuffing attacks to data protection and privacy authorities, as well as the extent of their impact on personal data. The group also engaged and collaborated with relevant stakeholders, seeking their input and comments on the work carried out.

The material produced serve as recognition of the global threat to personal data from credential stuffing, in addition to assisting both organisations and the public in preventing, detecting or mitigating the risk from such attacks.

The GRA has today disseminated the guidance locally to assist organisations and the general public to mitigate and protect against the risk of credential stuffing attacks.






