
The Securities and Exchange Commission's exam division is warning about an increase in cyberattacks against advisors and financial institutions. The attacks involve "credential stuffing," in which bad actors target client accounts using compromised client login credentials, and can result in the loss of customer assets and the unauthorized disclosure of personal information.

The agency's Office of Compliance Inspections and Examinations has observed credential stuffing in recent exams.

Cyber attackers, the OCIE Risk Alert states, obtain lists of usernames, email addresses and corresponding passwords from the dark web.

Then they use automated scripts to try the compromised usernames and passwords on other websites, such as a registrant's website, in an attempt to log in and gain unauthorized access to customer accounts.

"Credential stuffing is emerging as a more effective way for attackers to gain unauthorized access to customer accounts and/or firm systems than traditional brute force password attacks," the alert states.

The alert urges advisors and BDs to periodically review their policies and programs, with a specific focus on updating password policies to incorporate a recognized password standard, requiring password strength, length, type and change practices that are consistent with industry standards.

Firms should also employ multi-factor authentication, which uses multiple "verification methods" to authenticate the person seeking to log in to an account.

Firms should also monitor the dark web for lists of leaked user IDs and passwords, and perform tests to evaluate whether current user accounts are susceptible to credential stuffing attacks, OCIE states.
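One way a firm's security team might run the susceptibility test described above against its own credential store, shown as an added example that is not part of the OCIE alert or the original article. The account records, the leaked list, the PBKDF2 storage scheme and the status labels are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sample store

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_account(email: str, password: str, mfa: bool) -> dict:
    salt = os.urandom(16)  # per-account salt, so each leaked pair is re-hashed per account
    return {"email": email, "salt": salt,
            "hash": hash_password(password, salt), "mfa": mfa}

# Constructed sample of the firm's own account store (hypothetical users).
ACCOUNTS = [
    make_account("alice@example.com", "Winter2019!", mfa=False),
    make_account("bob@example.com", "correct horse battery", mfa=False),
    make_account("carol@example.com", "Sunshine#7", mfa=True),
]
# Constructed stand-in for a leaked list of user IDs and passwords.
LEAKED = [
    ("Alice@Example.com", "Winter2019!"),   # reused password, different case in the ID
    ("bob@example.com", "bob-old-password"),  # ID leaked, password no longer in use
    ("carol@example.com", "Sunshine#7"),
    ("dave@example.com", "hunter2"),          # not a customer of this firm
]

def audit(accounts: list, leaked: list) -> list:
    """Return (email, status) for accounts whose current password is in the leak."""
    by_email = {a["email"].lower(): a for a in accounts}
    findings = []
    for email, password in leaked:
        acct = by_email.get(email.strip().lower())
        if acct is None:
            continue
        # Hash the leaked password with the account's own salt, compare in constant time.
        candidate = hash_password(password, acct["salt"])
        if hmac.compare_digest(candidate, acct["hash"]):
            # MFA limits what a stuffed login can do; the password still needs a reset.
            status = "exposed_mfa_enrolled" if acct["mfa"] else "exposed_no_mfa"
            findings.append((acct["email"], status))
    return findings

if __name__ == "__main__":
    for email, status in audit(ACCOUNTS, LEAKED):
        print(f"{email}: {status} -> force password reset")
```

Accounts reported as `exposed_no_mfa` are the ones a stuffed login would open directly, so they are the first candidates for a forced reset and multi-factor enrollment.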


Melanie Waddell

Melanie is senior editor and Washington bureau chief of ThinkAdvisor.