United Kingdom – Oyster

Exploit: Credential stuffing attack
Oyster: Travel smartcard system for UK public transportation

Risk to Small Business: 2.111 = Severe Risk: Hackers accessed more than 1,000 Oyster user accounts by applying login credentials from other platforms to their Oyster login. This technique, known as a credential stuffing attack, uses stolen data from other websites and compounds the damage by applying that data to logins across the internet. To prevent further access, the smartcard system was taken offline for two days, creating delays to the public transit system and damaging its reputation as users took to social media to voice their frustrations about the delays.

Individual Risk: 2.428 = Severe Risk: Oyster is notifying customers who had their accounts compromised, and those users should assume that all available information was compromised in the breach. Moreover, because their accounts were accessed using credential stuffing, users should ensure that they use strong, unique passwords across all accounts.

Customers Impacted: 1,200
How it Could Affect Your Customers’ Business: Credential stuffing attacks can be difficult to defend against because the defense relies on users choosing strong, unique passwords across all of their accounts. However, businesses can get ahead of the threat by adopting the monitoring services necessary to know if their customers’ credentials might be compromised.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

https://www.theregister.co.uk/2019/08/08/tfl_oyster_card_outage_online_topup/

OUR PRICING PACKAGES

Service Starter Mid Expert Enterprise
Monitoring Yes Yes Yes Yes
Live Notifications & Reporting Yes Yes Yes Yes
Onboarding Session with our Success Team Yes Yes Yes Yes
Monitor all users (up to XX) 150+
Monitored Domain Yes Yes Yes Yes
Additional Domains No 1 3 5
Personal Email Addresses (Gmail / iCloud etc) No 10 30
Monitored Router IP & Device IP Breach No Yes Yes Yes
Dedicated Account Manager No No Yes Yes
Fully managed Service No No No Yes
Go Phishing No No No Yes
Staff Training No No No Yes
PCM (If paid monthly) £45 £75 £150 N/A
PCM (If paid annually 20% discount) £36 £60 £120 N/A
Annual 20% discount for annual transaction £432 £720 £1440 Call
Annual Saving £180 £180 £360 Call
1 Additional Domain £25 £25 £25
Add Additional 10 Personal Emails £25 £25 £25