After weathering two waves of credential stuffing attacks thus far in 2024, the second of which involved over half a million compromised accounts, Roku is now requiring that customers set up a 2FA method.
A widespread 2FA bypass attack compromised Comcast Xfinity customer email accounts and attempted to take over their Coinbase and Gemini Wallets, Evernote and Dropbox accounts.
The FBI warned about the prevalent use of proxies and configurations to mask and automate credential stuffing attacks. Threat actors extensively leveraged residential proxies instead of those connected to data centers to avoid triggering suspicious behavior monitors.