Credential stuffing remains a prevalent hacking method, where attackers use compromised logins and passwords to gain access to various services that users reuse the same data for. Automated tools make it easy to carry out such attacks on a large scale.
According to companies at Abnormal Security, one of these tools, Atlantis aio-program, has emerged as a significant threat. This program can check millions of logins and passwords across over 140 platforms within minutes. It contains modules tailored for popular online services, particularly email providers like Hotmail, Yahoo, and Aol.
The Atlantis aio program automates the password selection process, enabling attackers to capture accounts without manual intervention. Once access is gained, it is used for malicious activities such as phishing, data collection, or selling the accounts on shadow forums.
Organized on a modular basis, Atlantis aio has specific blocks targeting email services, financial platforms, streaming services, and even delivery services. The password hacking modules swiftly crack vulnerable account combinations, while recovery blocks help bypass security measures like Captcha.
Compromised logins are frequently sold in bulk, including both personal and corporate addresses. This is made possible by the practice of employees reusing passwords across various accounts.
Traditional security measures like complex passwords, password managers, and two-factor authentication are no longer foolproof against such attacks. Criminals have found ways to bypass even multi-factor authentication and persist in using automated tools for large-scale attacks.
To combat credential stuffing, it is crucial to prevent login theft at the onset. Modern AI systems can identify phishing attempts, unusual activities, and block unauthorized access in real-time. These proactive measures help safeguard corporate data and thwart attacks before accounts are compromised.