NAB 2019: Streaming services among most targeted by credential hack attacks | Security | News | Rapid TV News
By continuing to use this site you consent to the use of cookies on your device as described in our privacy policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them. [Close]
Research from content delivery network Akamai has identified wide-ranging credential abuse attacks against online video and music streaming services.

Akamai 10April2019Among the findings in the State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report, are details of three of the largest credential stuffing attacks against streaming services in 2018, ranging in size from 133 million to 200 million attempts. These took place shortly after reported data breaches, indicating, said Akamai, that hackers were likely testing stolen credentials before selling them.

The attack method studied is commonly referred to as ‘credential stuffing’ in which nefarious actors tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

Among the purposed the stolen credentials are used for include enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

“Hackers are very attracted to the high profile and value of online streaming services,” said Akamai's director of security technology and strategy Patrick Sullivan and author of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report. “Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse. The good news is that organisations are taking the threat seriously and investigating security defences.”