There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation.
Credential-stuffing attacks, like last year’s attack on Spotify, use automated scripts to try a large number of usernames and password combinations against online accounts in an attempt to overtake them. Once logged in, cyber criminals can use corrupted accounts for a variety of purposes: As a pivot point to get deep into the victim’s machine and network; drain accounts of sensitive information (or money); and in the case of an email account, they can mimic the victim to carry out attack on others.
Read More: Threatpost
For more such updates follow us on Google News ITsecuritywire News