The number of high-profile data breaches hitting the headlines has made the public more conscious about the security of their online data and personal information than ever before. In order to get a better idea of where consumer data may be vulnerable to theft, we wanted to investigate the brands most commonly ‘attacked’ by cyber criminals.
The results of this investigation were revealing. Among the top five most attacked brands are Netflix, EA and Spotify – some of the world’s most popular digital entertainment brands. The investigation demonstrates how consumer accounts on these services are at risk of being hijacked by cyber criminals.
The result of huge caches of stolen data being made available is often account takeover (ATO) – where hackers will attempt to log into legitimate user accounts using username and password combinations obtained from data breaches. DynaRisk’s intelligence team obtained 1,500 configuration files for a popular hacking tool that is used to carry out these attacks. After sifting through each file, we were able to determine which brands were referenced the most times.
Out of the 600 brands we evaluated, the top 20 brands most commonly targeted by hackers were…
1. Riotgames.com
2. Netflix
3. Spotify.com
4. Origin.com
5. Ea.com
6. Sonyentertainmentnetwork.com
7. Live.com
8. Crackingcore.com
9. Realitykings.com
10. Xbox.com
11. Amazon.com
12. Adobe.com
13. Wwe.com
14. Steampowered.com
15. Deezer.com
16. Facebook.com
17. Beatsmusic.com
18. Yahoo.com
19. Rapidgator.net
20. Hitleap.com
Xbox, Amazon and – perhaps unsurprisingly – Facebook make an appearance within this list. Unfortunately, the ugly truth is that the more prolific a brand, the more attractive it is to cyber criminals. Hackers will target bigger brands to not only steal valuable information, but also to demonstrate their skills to peers within the criminal community. There are also monetary benefits; Netflix and Spotify are the perfect target for criminals who can resell stolen credentials to willing customers who want an account a fraction of the retail cost.
The most hacked industries
Aside from the brands we investigated, we also discovered that hackers consistently target pornography sites – possibly to cash in on the sensitive nature of the content. ‘Non-standard content’ (the majority of which are pornography sites) makes up a huge 31.7% of our database, with technology & computing sites coming second (22.1%) and ‘niche adult’ sites landing third place (13.9%).
In 2017, Pornhub was targeted by hackers who had been hiding malicious software behind adverts. Affected users were infected with the virus if they clicked on a tab that stated there was “a critical update” for the browser on which they were viewing Pornhub. Once a user clicked on the link, the virus was downloaded, and it could trace a person’s web history and identification. As a result of the year-long attack, millions of visitors to the adult website were affected.
Adult websites attract huge numbers of visitors as they offer sought after content, so it’s fair to assume that the more popular the industry or brand, the higher the risks associated with cyber crime.
The full list of targeted industries can be found below.
Andrew Martin, DynaRisk’s CEO, believes that consumers need to be more concerned about the way in which big brands are handling their data.
“Consumers’ number one concern might not be the security of their personal data when they are enjoying the content offered by their favourite digital entertainment brands – but they shouldn’t assume that brands are taking care of their information.
“Recent high-profile data concerns on social media platforms has likely alerted consumers to the ease with which data and personal information can be stolen or misused by third parties, however they might not have the same awareness of the risks to accounts on services like Netflix being attacked.
“There is a huge amount of education needed around cyber security – fueled by a misunderstanding that having antivirus software installed on devices grants them immunity from having their personal details stolen. With corporations failing to protect consumers (often unintentionally), it’s time for people to self-empower and take better steps to improve cyber security credentials themselves. This can be achieved by finding out their own personal Cyber Security Score and then acting on what they need to do to improve it.”
How to protect yourself from growing cyber threats
Aside from anti-virus software, there are some standard best-practices that you should adopt to reduce your risks online…
Enable 2-factor authentication
2-factor authentication (sometimes referred to as 2-step verification or 2FA) adds an extra layer of security and makes account take over more difficult. After entering your password, a code (usually sent via SMS to your phone, or via email) is required to access your account.
Use unique passwords
Some services don’t offer 2-factor authentication which means it’s extremely important to use strong, unique passwords for each account. A strong password should contain 8-12 characters, a mixture of upper and lower-case characters, numbers and if permitted, symbols.
Use a password manager
If remembering a dozen or more passwords isn’t your forte, a password manager like LastPass can really help. It can also generate passwords for you.
Educate yourself
Cyber security threats are constantly changing so it’s important to stay up to date and understand what’s going on. When a breach or leak becomes public knowledge, it gives you an opportunity to log into your account and check that everything is okay or take the necessary steps to protect yourself.
Make sure your software is up to date
Whether it’s on your laptop, PC, mobile phone or tablet, you should always install software updates as they usually contain fixes for any bugs discovered in the previous version.
Discover more about your digital footprint
We spend more time online than ever, and as a result, our digital or ‘data’ footprint is huge – made bigger still when companies entrust our data with external suppliers and service providers. It would shock many of us to know just how far our data stretches! If the companies storing your data follow best security practices and GDPR regulations, this shouldn’t really pose an issue. But sadly, many companies leak data without even knowing it.
Scan your email address using our Data Breach Scanner and find out whether your information has ever been breached or leaked – 60% of people who use our scanner discover their details have been shared by cyber criminals on the dark web!