Jump to content

Video-Sharing Platform Targeted by Credential Stuffing Attacks


The AchieVer
 Share

Recommended Posts

Video-Sharing Platform Targeted by Credential Stuffing Attacks

           David Bisson
 

Bad actors have targeted a video-sharing technology platform with credential stuffing attacks in order to hijack users’ accounts.

index-23.pngOn 25 January, Dailymotion published a statement on its website in which it announced that it had been the subject of “a large-scale computer attack.”

After discovering the digital offensive, Dailymotion’s technical teams implemented various security measures to contain the attack’s scope.

Dailymotion takes a moment in its statement to identify the exact nature of the assault:

The attack consists in “guessing” the passwords of some dailymotion accounts by automatically trying a large number of combinations, or by using passwords that have been previously stolen from web sites unrelated to dailymotion.

Bad actors have numerous data breaches from which to choose for conducting what are generally known as “credential stuffing” or “password reuse” attacks. Take the “Collection #1” data breach, for instance. This security incident exposed approximately 800 million email addresses as well as tens of millions of passwords.

 

True, the Collection #1 “megabreach” was two or three years old at the time of its discovery, as noted by investigative information security journalist Brian Krebs. But that’s not to say that users who reused their now-compromised credentials across multiple web accounts have updated their passwords. Digital attackers could therefore use those exposed credentials to fuel their credential stuffing attacks, not to mention other types of scam campaigns.

 

According to Dailymotion’s technical teams, this latest credential stuffing attack is still ongoing. The video-sharing platform is therefore working to definitively end the attack. In the meantime, it’s notified users affected by the campaign and has contacted CNIL (French Data Protection Authority).

 

Users of Dailymotion and other web services can defend against credential stuffing attacks by using a strong, unique password for each one of their web accounts. They should also enable two-factor authentication (2FA) for all services that offer the option of using the feature.

 

Source

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • The AchieVer

    1

Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...