Security researchers have identified instances of bots stealing pharmacy accounts and reselling prescriptions on a secondary market for in-demand and illicit substances. Researchers have also identified an acceleration in this activity: over the past 60 days, the number of stolen pharmacy accounts available for sale has increased fivefold.
In April 2022, Kasada threat intelligence first observed the use of credential stuffing to attack pharmacies, steal active accounts, and exploit the distribution of prescribed medications. Credential stuffing is an automated attack where cybercriminals use lists of stolen or leaked usernames and passwords to try and login to various accounts. Once they are successful, they take over accounts and either sell them or exploit them by making fraudulent transactions.