Exploit: Credential Stuffing
Eneco: Energy Company
Risk to Small Business: 1.827 = Severe
Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing.
Individual Risk: 1.717 = Severe
The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it.