Akamai recorded nearly 30 billion credential stuffing attacks in 2018. The vast majority of these fraudulent login attempts were performed by botnets or by all-in-one (AIO) applications using stolen credentials. January 2019 saw the public release of a massive collection of private credentials — more than 25 billion email address and password combinations. Though much of the user information was from older data breaches, the audacious data dump reflects the reality that the theft, abuse, and sale of username/password combinations is a thriving criminal business.
In the new “State of the Internet / Security — Credential Stuffing: Attacks and Economies” Special Media Report, Akamai researchers dig into this trend, which has significant impacts for gaming, video, and entertainment companies. You’ll learn:
- Why cheap tools and free tutorials lower the bar of entry for would-be criminals
- How malicious actors turn data breaches into substantial profits on darknet markets
- What businesses can do to detect and prevent credential stuffing attacks