Shape Security: Top 3 Telecom Provider Secures Mobile Accounts

A Top 3 US Telecom Provider needed to secure its mobile accounts from credential stuffing. Credential stuffing is an attack in which bad actors test credentials that have been stolen from third parties en masse on a different login application. Because users reuse passwords across online services, 0.1%-2% of a stolen credential list will typically be valid on a target site, allowing the attacker to hijack the user’s account. Attackers typically use automation to conduct credential stuffing at scale. Once attackers validate credentials on a login application, they take over the customer’s account to commit fraud. Over two billion credentials were reported spilled in 2017, so attackers always have fresh credentials to test out on telecom providers. Based on customer data, Shape estimates that the US Telecom industry faces nearly 50 million credential stuffing attempts per day. Credential stuffing attackers targeted the telecom provider to commit various fraud schemes, including: Upgrade theft Two-factor authentication bypass Virtual calling When account takeovers became so common that the telecom provider received negative press about the situation, the company knew it needed to find a solution immediately. Download this case study to learn how the company was able to stop credential stuffing.