The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019, according to a new report from global content delivery network, cybersecurity, and cloud service company Akamai.
The Akamai 2020 State of the Internet / Credential Stuffing in the Media Industry report found that 20% of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies.
Credential stuffing is where a username and password from a previous data breach are used fraudently to gain access to user accounts.
Media companies present an attractive target for criminals according to the report, which reveals a 63% year-over-year increase in attacks against the video media sector.
The report also shows 630% and 208% year-over-year increases in attacks against broadcast TV and video sites, respectively.
At the same time, attacks targeting video services are up 98%, while those against video platforms dropped by 5%.
Steve Ragan, Akamai security researcher and author of the report, says much of the value in media industry accounts lies in the potential access to both compromised assets, like premium content, along with personal data.
“We’ve observed a trend in which criminals are combining credentials from a media account with access to stolen rewards points from local restaurants and marketing the nefarious offering as ‘date night’ packages,” Ragan says.
“Once the criminals get a hold of the geographic location information in the compromised accounts, they can match them up to be sold as dinner and a movie.”
Video sites are not the sole focus of credential stuffing attacks within the media industry.
The report found a 7,000% increase in attacks targeting published content.
Newspapers, books and magazines also sit within the sights of cybercriminals.
“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” Ragan says.
“Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks.
"While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies and expertise that can help protect customers without adversely impacting the user experience.”
Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at adnews@yaffa.com.au
Sign up to the AdNews newsletter, like us on Facebook or follow us on Twitter for breaking stories and campaigns throughout the day.