Akamai found that attackers most often targeted retail sites, video-streaming services, and entertainment companies. Because the company defined a credential-stuffing attack as a log-in attempt using an e-mail address, financial firms did not show up often in the data set, as most financial firms do not allow customer to log in with an e-mail address.
Online groups are after all sorts of credentials, McKeay says.
“They are looking at getting your streaming credentials, and they are looking for your gaming credentials — there is a large market for these things,” he says. “If they can go and prove that what they have is a valid set of credentials, there is money to be made there.”
Read More.. Source Dark Reading