Following the news that website creator Weebly acknowledged a data breach earlier this year that has potentially affected more than 4.4 million customers, Deepak Patel, director of security strategy for Imperva commented below.
Deepak Patel, Director of Security Strategy at Imperva:
“The ease of getting millions of stolen credentials, with the fact that users will always continue to reuse passwords simply because they are human, makes brute force attacks more effective than ever and forces application providers to take proper measures to protect their users.
As we see again in this case, data from breaches is hot merchandise on both sides of the legitimacy fence with the security marketplace on one side and the dark market on the other. To prevent brute force attacks, security officers should not rely on password policies only, but should take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, treat with caution logins from unexpected countries and anonymous sources, and compare login data to popular passwords and stolen credentials.”