A computer hacker caused $4M of damage in cyber-attacks on Microsoft and Nintendo after he…
“At the same time, it is still unclear exactly how the attackers hack accounts. Maybe hackers use credential stuffing attacks, but that’s just one theory”, – write ZDNet reporters.
The term credential stuffing refers to situations where usernames and passwords are stolen from some sites and then used against others. That is, the attackers have a ready-made database of credentials (purchased on the darknet, collected independently, and so on) and try to use this data to log in to any sites and services under the mask of their victims.
However, many victims claim that they used complex and unique passwords for their accounts, including those created using password managers. So, hackers can use not only credential stuffing and iterate over the most common combinations of recorded data.
Let me remind you that according to the Microsoft report: 99.9% of compromised accounts did not use multifactor authentication.
Often, victims also report a loss of funds because of hacking. In some cases, hackers buy Nintendo games at someone else’s expense, but most often attackers purchase Fortnite game currency through a Nintendo profile card or PayPal account.
“I get home from work and find out on the way that my Nintendo account was hacked and [hackers] spent $ 300 on Fortnite. Hug me…”, — writes one of the affected users on Twitter.
You can find many similar complaints on social networks. Although so far there is no exact data on the number of hacked accounts, it is clear that the problem has considerable scope.
Famous personalities, for example, the editor of game reviews of the ArsTechnica publication, also suffered from attacks.
“Reviews Editor Ron Amadeo received a plain-text email notice from Nintendo, titled simply, “[Nintendo Account] New Sign-In.” The notice included the following sign-in details: a 5:25pm ET timestamp; the sign-in taking place via the Firefox browser (which Amadeo says “is not even installed” on any devices he used today)”, — write ArsTechnica journalists.
Referring to their own sources in the information security community, ZDNet reporters write that they found on the Internet many fresh ads about the sale of Fortnite game currency and V-bucks, purchased from Nintendo Switch accounts. Researchers believe that these ads may be related to recent events.
Recall that we wrote about an unusual solution in the fight against attackers from the gaming giant Ubisoft: DDoS attacks on Ubisoft almost completely stopped after company threatens with a lawsuit.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…