There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation.
Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes of usernames and password combinations against online accounts in an effort to take them over. Once in, cybercriminals can use the compromised accounts for various purposes: As a pivot point to penetrate deeper into a victim’s machine and network; to drain accounts of sensitive information (or monetary value); and if it’s an email account, they can impersonate the victim for attacks on others.
Read more…
Source: ThreatPost