Credential Dumping
Credential Dumping
Disney+ signed up 10 million users and its stock hit a record high shortly after the launch of the streaming service. But that shine quickly faded when many of those eager subscribers began complaining about being locked out of their accounts. Within days of the launch, Disney+ credentials were up for grabs for as little as three dollars. Disney said the site wasn’t actually breached — allegedly, users who found their credentials online likely fell victim to a common (but notoriously bad) practice: using the same password across multiple sites that were later hit by a credential dumping attack.
What you need to know:
Credential dumping simply refers to an attack that relies on gathering credentials from a targeted system. Even though the credentials may not be in plain text — they’re often hashed or encrypted — an attacker can still extract the data and crack it offline on their own systems. This is why the attack is referred to as “dumping.” Often, hackers will try to steal passwords from systems they have already compromised. The problem becomes amplified when users replicate the same password across multiple accounts through multiple systems.
Comments
Post a Comment