Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Alerts
    4. New York Attorney General urges vigilance against “credential stuffing” hacks

      Alerts

    Alert / Cybersecurity & Privacy

    New York Attorney General urges vigilance against “credential stuffing” hacks

    Jan 7, 2022

    LinkedInX (Twitter)EmailCopy URL

    By Jason Kravitz and Jenny Holmes

    Why a new report from the New York AG means you should review your cybersecurity plans.

    What’s the Impact?

    • A new report from the New York Attorney General details cyberattacks affecting over one million accounts, particularly impacting the restaurant and retail industries
    • Businesses are encouraged to implement additional cybersecurity protocols
    • Experienced cybersecurity attorneys can audit your current incident response plan and recommend additional risk mitigation measures

    DOWNLOAD

    “Credential stuffing” hacks (PDF)

    Earlier this week, New York Attorney General Letitia James released a report summarizing the findings of a broad investigation into so-called “credential stuffing” that revealed more than 1.1 million online accounts have been compromised in cyberattacks at seventeen prominent companies. The report explains that the attacks involve repeated, automated attempts to access online accounts using usernames and passwords stolen from other online services and also offers suggestions for how businesses can protect themselves.

    Credential stuffing has become a popular form of cyberattack. Most websites and apps use passwords to validate a user’s identity. Because it is common for people to reuse the same passwords across multiple online services, hackers who come into possession of a user’s password for one site/app can attempt to use the same password to access other online accounts linked to that user. According to the report, there are more than 15 billion stolen login credentials being circulated across the Internet—giving rise to an extraordinary number of opportunities for hackers to exploit using bots or other automated mechanisms.

    The AG’s investigation was proactive and involved the review of thousands of dark web posts that contained customer login credentials that attackers purportedly had tested in a credential stuffing attack. From these posts, the investigators determined that customer accounts at seventeen well-known online retailers, restaurant chains, and food delivery services appeared to have been compromised in credential stuffing attacks and proceeded to warn those seventeen companies.

    Preventing credential stuffing attacks

    Businesses must be vigilant about protecting their customers’ data, and the first step should be to review existing cybersecurity incident response plans to ensure they adequately address the threats discussed in this report. Attorneys with expertise in cybersecurity and data privacy can support an audit of your current protocols and help guide implementation of the recommended safeguards against credential stuffing attacks, including employing bot-detection technology, multi-factor authentication, and password-less authentication.

    Practices

    Cybersecurity & PrivacyGovernment Investigations & White Collar DefenseState Attorneys GeneralLitigationRegulatory & Government Relations

    Industries

    Food, Beverage & Agribusiness

    Insights And Happenings

    • Article

      Food & Beverage Crystal Ball: Trends we’re following

      April 19, 2022
    • Press Release

      Nixon Peabody adds a team of litigation partners to its Los Angeles office bolstering its labor and employment and general litigation bench strength and trial capabilities

      March 28, 2022
    • Press Release

      Nixon Peabody selects Jason Kravitz to lead its Privacy & Technology practice

      Feb 24, 2022
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved