Akamai: Broadcast, Video Sites Saw Huge Uptick in Credential Stuffing Attacks

(Image credit: Akamai)

CAMBRIDGE, Mass.—Broadcast TV and video are popular targets for criminals to launch credential stuffing attacks, according to a new report from Akamai that looked at the entire industry landscape.

Credential stuffing is the method by which criminals tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, assuming that consumers use the same login and password for multiple services. The use of these stolen credentials can range from just allowing a non-subscriber to watch content via pirated streaming accounts or, more dangerously, stealing personal information.

While the media industry is a prime target in general—Akamai reports that 20% of the 88 billion credential stuffing attacks observed from January 2018-December 2019 were targeted at media companies—the video media sector is becoming increasingly targeted. There was a 63% increase year-over-year in attacks against the video sector, per Akamai. This includes a 630% increase against broadcast TV sites and a 208% increase against video sites. Video services saw a 98% increase in attacks; attacks against video platforms, however, dropped by 5%.

Reasons for this increase in attacks against broadcast TV and video sites includes the rise in on-demand media content in 2019, as well as the launch of new video services (Akamai doesn’t specifically name the services), the kind of things that credential stuffing attackers target, says Akamai.

The U.S. is the number one place for credential stuffing attacks against media companies, with a reported 1.1 billion in 2019.

The “Akamai 2020 State of the Internet/Credential Stuffing in Media Industry” report was delayed from its original April date to July because of COVID-19, but that delay allowed for Q1 2020 data to be added to the report. This included a spike in malicious login attempts against European video service providers.

“As long as we have usernames and passwords, we’re going to have criminals trying to compromise them and exploit valuable information,” Steve Ragan, Akamai security researcher and author of the report, explained. “Password sharing and recycling are easily the two largest contributing factors in credential stuffing attacks. While educating consumers on good credential hygiene is critical to combating these attacks, it’s up to businesses to deploy stronger authentication methods and identify the right mix of technology, policies and expertise that can help protect customers without adversely impacting the user experience.”

The complete Akamai report is available online