Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security
April 12, 2019

Who are the biggest targets of credential stuffing attacks?

Media organizations, gaming companies, and the entertainment industry are among the biggest targets of credential stuffing attacks, in which malicious actors tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

Three of the largest credential stuffing attacks against streaming services in 2018, ranging in size from 133 million to 200 million attempts, took place shortly after reported data breaches, indicating hackers were likely testing stolen credentials before selling them, says the latest Akamai report.

The attackers use credentials compromised in breaches, but do not limit themselves to those lists.

“In a YouTube video watched by Akamai researchers, an individual walked viewers step-by-step through a tutorial on how to create combination lists to use against the popular online battle royale game,” the report explains.

The report also spotlights easily accessible online video tutorials that provide step-by-step instructions for executing credential stuffing attacks, including using All-in-One applications to validate stolen or generated credentials.

The report lists the United States as the top country of origin for the attacks, followed by Russia and Canada. The U.S. is also the top target, followed by India and Canada.

Previous Akamai research noted that media, gaming and entertainment companies saw 11.6 billion attacks between May and December 2018.

How to prevent attackers from hijacking your accounts?

Stolen credentials can be used for a host of illicit purposes, not the least of which is enabling non-subscribers to view content via pirated streaming accounts.

Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

“Users need to be educated about credential stuffing attacks, phishing, and other risks that put their account information in jeopardy. Brands should stress the use of unique passwords and password managers to customers and highlight the value of multi-factor authentication,” the researchers noted.

They also advise implementing multi-factor authentication where possible. “When discussing ATOs and AIO scripts, criminals often complain about the use of multi-factor authentication, which is a particularly effective method of stopping most of their attacks,” they pointed out.
