A US-based cloud service provider, Akamai Technologies reported that the online video and music streaming services were targeted in major credential stuffing attacks almost 30 billion times in 2018.
Credential stuffing is an automated attack where cybercriminals tap automated tools to use stolen login information and attempts to gain access to user accounts on other online platforms on the assumption that consumers use the same login details for multiple sites.
The company released the report, named "State of the Internet / Security | Credential Stuffing - Attacks and Economies (Volume 5, Special Media Edition)" this week.
The report showed that nearly 30 billion credential stuffing attacks were detected by the experts at Akamai. They claimed that these attacks targeted a huge range of sectors including media and entertainment as well as retail and gaming industry as the market for stolen media and entertainment accounts is thriving.
Patrick Sullivan, Akamai director of security technology and strategy stated that the cyber attackers are very attracted to the high profile and value of online streaming services."
As per the reports the hackers target large video and entertainment brands because the stolen digital information especially the access to verified accounts can be easily sold in underground market places.
"If you've ever streamed a song, movie, or TV show online, you may already be familiar with some of the accounts most criminals favour. The information associated with these accounts also has value," the report added.
This year in February the video media sector faced its largest attack which jumped up from 133 million to almost 200 million attempts. It happened at the same time when the world shook by the data breach news that involved 16 organizations from where almost 620 million usernames, passwords and other records were stolen and later sold on the dark-net.
The report mentioned the news about the release of email addresses and passwords by an anonymous individual in the starting of 2019 and stated that the cyber attacker published almost 1 TB of data, amounting to more than 25 billion email address and password combinations.
However, it should be noted that as per Akamai's report, stolen online credentials can be used for a host of illegitimate purpose.
Sullivan stated that the subscribers should be educated enough to understand the importance of using a unique username and password combinations that is "one of the most effective measures businesses can take to mitigate credential abuse." In addition, he also mentioned that currently the organizations "are taking the threat seriously and investigating security defences."
Top attack sources:
Top attack destinations: