The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July.
The fintech company has provided mobile banking services for borrowing, saving, and investing money to more than 8.5 million Americans since its launch in 2013.
In credential stuffing attacks, threat actors take large collections of username/password combinations leaked in security breaches of various online services and use them to log into the victims’ user accounts on other online platforms. Such attacks are particularly effective against people who reuse their credentials for accounts on multiple sites.
The attackers’ end goal is to gain access to as many accounts as possible to steal sensitive info and money or to take over the identities of the accounts’ owners.
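The pattern described above (many different accounts, each tried with a leaked pair, a few of which work) can be told apart from ordinary password guessing in login logs. The following is an added example, not code from MoneyLion or the original article; the event format, the thresholds and all sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed auth events: (time, source IP, username, outcome). IPs are RFC 5737 ranges."""
    t0, ev = datetime(2024, 1, 1, 12, 0, 0), []
    for i in range(30):  # one source, 30 usernames, one try each; two reused passwords work
        outcome = "ok" if i in (11, 23) else "fail"
        ev.append((t0 + timedelta(seconds=2 * i), "203.0.113.7", f"user{i}", outcome))
    for i in range(30):  # one source guessing passwords for a single account
        ev.append((t0 + timedelta(seconds=2 * i), "198.51.100.4", "alice", "fail"))
    ev.append((t0, "192.0.2.10", "bob", "fail"))  # ordinary user: typo, then success
    ev.append((t0 + timedelta(seconds=20), "192.0.2.10", "bob", "ok"))
    return ev

def classify_sources(events, window=timedelta(minutes=10), min_users=20,
                     max_tries_per_user=2.0, min_fail_ratio=0.8):
    """Label each source IP from its sliding windows; thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_ip[ip].append((ts, user, outcome))
    verdicts = {}
    for ip, rows in by_ip.items():
        rows.sort()
        verdict, start = "normal", 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop attempts older than the window
            win = rows[start:end + 1]
            users = {u for _, u, _ in win}
            fail_ratio = sum(o == "fail" for _, _, o in win) / len(win)
            if fail_ratio < min_fail_ratio:
                continue
            # Stuffing: many distinct accounts, each tried once or twice with a leaked pair.
            if len(users) >= min_users and len(win) / len(users) <= max_tries_per_user:
                verdict = "credential_stuffing"
                break
            if len(win) >= min_users and len(users) <= 2:
                verdict = "password_guessing"  # many tries against the same account
        verdicts[ip] = verdict
    return verdicts

def accounts_to_lock(events, verdicts):
    """Accounts with a successful login from a source flagged as credential stuffing."""
    return sorted({user for _, ip, user, outcome in events
                   if outcome == "ok" and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    events = sample_events()
    verdicts = classify_sources(events)
    print(verdicts, accounts_to_lock(events, verdicts))
```

Grouping by source address alone misses attempts spread across many addresses, so the same counting is usually also keyed on other request attributes.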