Exploit: Credential Stuffing
MoneyLion: Financial Services Platform
Risk to Business: 1.712=Severe
That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: 8.5 million
How It Could Affect Your Customers’ Business Credential stuffing is a classic that is even easier these days thanks to the huge amount of data that includes huge batches of stolen passwords available on the dark web.
Source: Bleeping Computer