More than one million online accounts across 17 well-known companies were the victim of hacking attempts that reused previously stolen passwords swirling around the internet, New York’s top law enforcement officer said on Jan 5.
The ruse, known as a “credential stuffing attack”, involves a cyber criminal trying to repeatedly access someone’s account by deploying user names and passwords that were previously made public. User names and passwords are sometimes posted or sold on the dark web or hacking forums after being stolen in cyberattacks.