Monday, April 22, 2019
  • Facebook’s Ongoing Security Challenges Are a Cautionary Statement for All Companies
  • BSidesSF 2019 , Rod Soto’s, Joseph Zadeh’s & Xiodan Li’s ‘Profiling “VIP Accounts” Access Patterns In User-Centric Data Streams’
  • Online Secuirty and Privacy with a Virtual Private Network
  • Liz Fong-Jones on how to secure SSH with Two Factor Authentication (2FA)
  • California Consumer Privacy Act

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Video-Sharing Platform Targeted by Credential Stuffing Attacks

Video-Sharing Platform Targeted by Credential Stuffing Attacks

by David Bisson on January 28, 2019

Bad actors have targeted a video-sharing technology platform with credential stuffing attacks in order to hijack users’ accounts.

On 25 January, Dailymotion published a statement on its website in which it announced that it had been the subject of “a large-scale computer attack.”

After discovering the digital offensive, Dailymotion’s technical teams implemented various security measures to contain the attack’s scope.

Dailymotion takes a moment in its statement to identify the exact nature of the assault:

The attack consists in “guessing” the passwords of some dailymotion accounts by automatically trying a large number of combinations, or by using passwords that have been previously stolen from web sites unrelated to dailymotion.

Bad actors have numerous data breaches from which to choose for conducting what are generally known as “credential stuffing” or “password reuse” attacks. Take the “Collection #1” data breach, for instance. This security incident exposed approximately 800 million email addresses as well as tens of millions of passwords.

True, the Collection #1 “megabreach” was two or three years old at the time of its discovery, as noted by investigative information security journalist Brian Krebs. But that’s not to say that users who reused their now-compromised credentials across multiple web accounts have updated their passwords. Digital attackers could therefore use those exposed credentials to fuel their credential stuffing attacks, not to mention other types of scam campaigns.

According to Dailymotion’s technical teams, this latest credential stuffing attack is still ongoing. The video-sharing platform is therefore working to definitively end the attack. In the meantime, it’s notified users affected by the campaign and has contacted CNIL (French Data Protection Authority).

Users of Dailymotion and other web services can defend against credential stuffing attacks by using a strong, unique password for each one of their web accounts. They should also enable (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/video-sharing-platform-targeted-by-credential-stuffing-attacks/

January 28, 2019January 28, 2019 David Bisson 2fa, credential stuffing, IT Security and Data Protection, Latest Security News, Password
  • ← Cybertech Tel Aviv 2019: The Pregame Show
  • Facebook to Merge WhatsApp, Instagram, Facebook Messenger by 2020 →
Featured Blog

Ellen Neveux

What is privileged access management (PAM)?

SecureLink

Proposed Texas Bill Would Regulate Vendor Contracts

Ellen Neveux

SecureLink named a March 2019 Gartner Peer Insights Customers’ Choice for Privileged Access Management

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts
Information Security is a Fundamentals Game
DevOps Chat: Forrester Wave Leaders Discuss SCA
Blockchain Reality Check: Which Promises Can It Keep?
DevOps Chat: The Rise of the Cloud-First Architect, with Zscaler’s Chris Hines
50 Best Kubernetes Architecture Tutorials
Can Smart Lighting Beat a Hacker? How Machine Learning Can Boost IoT Security
The Cybersecurity Weakest Link – Linux and IOT
Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware
No Cloud, One Cloud, Multicloud – How do you Secure Big Data Analytics?

Upcoming Webinars

There are no upcoming webinars at this time.

Download Free eBook

7 Reasons Why CISOs Should Care About DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Threat Modeling: Protecting Security Infrastructures in 2019
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Threat Modeling: Protecting Security Infrastructures in 2019

April 22, 2019 Anurag Agarwal | 9 hours ago 0
Information Security is a Fundamentals Game
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Information Security is a Fundamentals Game

April 18, 2019 Paul Ziegler | 4 days ago 0
ERM: Understanding the State of Cybersecurity and Risk
Cybersecurity Incident Response Industry Spotlight Network Security Security Boulevard (Original) 

ERM: Understanding the State of Cybersecurity and Risk

April 17, 2019 Dustin Owens | Apr 17 0

Top Stories

News 

Capsule8 Supports Google Cloud Security Command Center with Security Partner Integration

April 18, 2019 Deb Schalm | 3 days ago 0
With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts
Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight 

With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts

April 18, 2019 Richi Jennings | 4 days ago 0
News 

Meta Networks Recognized by 451 Research for Zero-Trust Software Defined Perimeter

April 16, 2019 Deb Schalm | Apr 16 0

Security Humor

via the comic delivery system monikered Randall Munroe at XKCD !

XKCD, Email Settings

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.