Credential Stuffing in the Media Industry aka. "date-night offers"

July 19, 2020

As we discussed in an earlier blog post credential stuffing is one of the most prominently-used attack vectors. This is confirmed by Akamai's latest State of the Internet report, which focuses on the media vertical:

Between January 1, 2018, and December 31, 2019, Akamai recorded more than 88 billion credential stuffing attacks across all industries. When we look specifically at the media sector, which includes streaming media, television networks, cable networks, broadcasting, and even digital publishing and advertising, that number is about 17 billion, or about 20% of all attacks.

Akamai blog

Credential stuffing is a technique when stolen or otherwise compromised account credentials—typically in a database or list format—are used to gain unauthorized access to resources using highly-scalable automation processes. Threat actors can gain access to such lists or databases in a number of ways, such as hacking into websites directly or purchasing access on the dark web. The reality is that billions of accounts get breached every year. Some of these breaches eventually become public but the number of compromised accounts accessible on the dark web is even larger. This is a critical issue, and due to password reusing, credential stuffing is a successful method utilized by malicious actors.

If we examine the data in this Akamai report, we can see that account takeover and credential stuffing attacks against the media sector (and in general) are increasing each year. The trend indicates that we can still expect a significant increase in the number of malicious login attempts, and there is no sign of this stopping soon.

So why this vertical?

For one, Akamai states that they have better visibility into this market, hence some of the increase in the detected attacks. Additionally, accounts in the media field prove to be highly valuable in dark markets. The COVID-19 pandemic didn't help this trend either, as many people have stayed home for months.

However, Akamai takes this a step further:

Criminals realize the resale value of accounts in the media industry and that the personal data those accounts contain is useful, too. That data can be collected and resold as a sort of “value-add” proposition to the compromised media assets. For example, a compromised pizza account with reward points (enabling free food delivery) is combined with a compromised streaming media account in the same location and sold to people in those areas, often at a markup. These “date-night” offers are pre-packaged and leverage a number of data points, all of which come from examining the compromised source

Akamai blog

This level of sophistication on criminal forums is quite frightening. All markers indicate that we can't expect the volume of similar attacks to drop in the future. Overall, we can only expect the finesse of the dark markets and criminal forums to continue to elevate.

Blog
Read more
Shadow IT vs Shadow AI: Key Risks and How to Manage Them
December 26, 2024
Shadow IT vs Shadow AI: Key Risks and How to Manage Them
Security Awareness Training Involvement – Introducing Scirge Personal Dashboard
May 21, 2024
Security Awareness Training Involvement – Introducing Scirge Personal Dashboard
The Number One Security Challenge for Your Supply Chain Footprint in 2024
March 18, 2024
The Number One Security Challenge for Your Supply Chain Footprint in 2024
About Scirge
Shedding Light on Shadow IT

Scirge gives organizations the tools to discover and manage Shadow IT by tracking where and how corporate credentials are used across SaaS, supply-chain, GenAI, and other web applications. It helps discover Shadow SaaS and Shadow AI, and identify risks like password reuse, shared accounts, and phishing, while providing real-time awareness messages, automated workflows, and actionable insights.

Trusted by
Ready to discover
Shadow IT?
Shadow AI?
any SaaS app?
any GenAI app?
any supply chain access?
corporate password reuse?
shared accounts?
successful phishing?
SSO accounts?
weak online passwords?
overlapping services?
Contact us
Shadow IT and SaaS Discovery
Cloud and Corporate Identity Protecion
Compliance and Governance
Company
Product
HomeFeaturesPricing
Shadow IT and SaaS Discovery
Shadow IT Visibility And Monitoring
Cloud Application and Identity Inventories
Agentless Historical Shadow IT Audit
Shadow IT and SaaS Security
Password Protection for Corporate and Cloud Identities
Employee Education And Engagement
Phishing Detecion and Awareness
Identity Governance
Compliance with Shadow IT and Shadow AI Monitoring
Asset Management and Supply Chain Control
Cloud Identity Lifecycle Management
Resources
BlogGlossary
Company
AboutContactPrivacy Policy
Shedding Light on Shadow IT
© Scirge, 2025
Close Cookie Popup
Cookie settings
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Accept all cookiesCookie settings
Close Cookie Preference Manager
Cookie settings
By clicking 'Accept all cookies', you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings