Exploit: Credential stuffing attack.
Sky UK: British telecommunications company.
Risk to Small Business: 2.333 = Severe Risk: Following a credential stuffing attack detected in June that provided hackers with access to several Sky.com email accounts, the company is resetting all user passwords and locking their accounts. To regain access to their information, Sky customers have to call the company, and an automated system walks them through the unlocking process. While this may prevent these credentials from being used in an attack, the process is very inconvenient for customers, and it can have long-term consequences for the brand’s reputation.
Individual Risk: 2.571 = Moderate Risk: Although some Sky.com accounts were accessed, the company does not believe that personal information was viewed or downloaded, and their recent actions are precautionary rather than reactionary. However, anyone with a Sky account should carefully monitor their credentials for possible signs of unauthorized access.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks are becoming more prominent, having impacted several high-profile companies in the past year. The tactic relies on user credentials attained on the Dark Web, and it can be especially successful when employees don’t actively update their passwords. Knowing if login credentials are compromised can give companies the edge, prompting employees to reset their passwords before an attack occurs.
ClearYolk to the Rescue: We monitor the Dark Web to find out if your employee or customer data has been compromised. We work with organisations to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.
https://www.zdnet.com/article/credentials-stuffing-attack-prompts-password-resets-for-sky-customers/
