Streaming Services Among the Most Targeted by Credential Stuffing Attacks According to Akamai Report

Largest Attacks Indicate Testing of Stolen Credentials; Report Notes Online Tutorials and All-in-One Applications Supporting Market-Specific Hacking Efforts

Las Vegas, MA |

Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, today released research detailing wide-ranging credential abuse attacks against online video and music streaming services. Among the findings in the State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report, three of the largest credential stuffing attacks against streaming services in 2018, ranging in size from 133 million to 200 million attempts, took place shortly after reported data breaches, indicating hackers were likely testing stolen credentials before selling them.

Security of streaming properties is top of mind at the 2019 NAB Show in Las Vegas this week, where Akamai’s Director of Security Technology and Strategy Patrick Sullivan unveiled the new research during an NAB Cybersecurity & Content Protection Summit presentation. He will discuss the findings on AkamaiTV, streaming live from Akamai’s NAB booth, SL3324, on Monday, April 8th, at 12:30 PM PT. Akamai experts will also be available throughout the show to demonstrate and detail the Company’s security capabilities.

The attack method studied is commonly referred to as “credential stuffing,” in which nefarious actors tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

“Hackers are very attracted to the high profile and value of online streaming services,” said Sullivan.

Stolen credentials can be used for a host of illicit purposes, not the least of which is enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

“Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse. The good news is that organizations are taking the threat seriously and investigating security defenses, as evidenced by the discussions at NAB. Akamai offers its research and best practices to help these organizations who are facing significant brand and financial harm,” Sullivan added.

The report spotlights how Akamai researchers discovered easily accessible online video tutorials that provide step-by-step instructions for executing credential stuffing attacks, including using All-in-One applications to validate stolen or generated credentials. The report lists the United States as the top country of origin for the attacks, followed by Russia and Canada. The U.S. is also the top target, followed by India and Canada. Previous Akamai research noted that media, gaming and entertainment companies saw 11.6 billion attacks between May and December 2018.

The 2019 State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report is available for download here. For additional information about credential abuse – specifically credential stuffing – and advice for organizations facing these types of attacks, visit Akamai's resource site.

Sobre a Akamai

A Akamai protege e entrega experiências digitais para as maiores empresas do mundo. A plataforma inteligente da Akamai engloba tudo, desde a empresa até a nuvem, para que os clientes e suas empresas possam ser rápidos e inteligentes e estar protegidos. As principais marcas mundiais contam com a Akamai para ajudá-las a obter vantagem competitiva por meio de soluções ágeis que ampliem o poder de suas arquiteturas compostas por várias nuvens. A Akamai mantém as decisões, as aplicações e as experiências mais próximas dos usuários, e os ataques e as ameaças cada vez mais distantes. O portfólio de soluções de segurança de borda, desempenho na Web e em dispositivos móveis, acesso corporativo e entrega de vídeos da Akamai conta com um excepcional atendimento ao cliente, análise e monitoramento 24 horas por dia, 7 dias por semana, durante o ano inteiro. Para saber por que as principais marcas mundiais confiam na Akamai, visite, ou @Akamai no Twitter. Nossas informações de contato global estão disponíveis em