Leo Pate, application security consultant at nVisium, said conducting credential stuffing attacks is easy, low-risk and they deliver high return on investment (ROI) if successful. “From a criminal point-of-view, most media platforms don’t offer strong security controls, like multi-factor authentication, or users simply do not take advantage of them even if available, thereby resulting in a higher rate of successful compromise,” he added.
“Additionally, some media platforms utilize the same credentials in other platforms they own; for example, Amazon Prime Video and Amazon Prime. Therefore, a successful compromise of an Amazon Prime Video account will likely lead to a successful compromise of an Amazon Prime account as well. This also enables the criminal to potentially even more financial and personal information.”