Credential stuffing attacks directed at LiveJournal's social media service Dreamwidth appear to be fueled by a hack six years ago that exposed 26 million of their usernames and passwords.
While only 14,500 accounts were compromised in the relatively small credential stuffing attack that successfully hit the Canadian government, highly sensitive financial and personal information were exposed.
Hackers compromised more than 300,000 Spotify accounts in a credential stuffing attack exploiting a third-party database containing 380 million credentials stolen from other breaches.
Threat actors compromised American automaker General Motors in a credential stuffing attack, accessed customers' personal information, and redeemed reward points for gift cards.
Online businesses must prioritize credential stuffing mitigations by detecting and preventing automation in credential stuffing, and identifying compromised credentials of legitimate users and forcing them to change password to disincentivize the attackers and break the attack lifecycle.
A credential stuffing attack on American outdoor apparel company, The North Face, compromised nearly 200,000 accounts just two years after a similar incident.
Though it did not suffer a security breach, PayPal is reporting that a massive credential stuffing attack appears to have yielded access to about 35,000 PayPal accounts.