As any cybersecurity aficionado knows, it’s no longer a matter of if you are attacked, but when. Now, a survey has demonstrated that you are also more likely to be hacked if you are using certain services—namely, Netflix, EA, Xbox, Sony Entertainment and Spotify.
The survey was carried out by cybersecurity company Dynarisk, which used data obtained from the dark web and hacker communities.
The firm outlines how this data is shared among criminal communities as they seek ways to abuse or monetize the stolen records. This data is often combined with other information in an attempt to form a picture of individuals for identity theft.
The most attacked brands
So, which are the most attacked sites? The results aren’t surprising, given that these brands also have a large number of users. Some of the companies named collect large amounts of data (looking at you, Facebook) or have suffered known data breaches in the past (Facebook and Yahoo, for example).
“Unfortunately, the ugly truth is that the more prolific a brand, the more attractive it is to cyber criminals,” DynaRisk said in a press release. “Hackers will target bigger brands to not only steal valuable information, but also to demonstrate their skills to peers within the criminal community.
“There are also monetary benefits; Netflix and Spotify are the perfect target for criminals who can resell stolen credentials to willing customers who want an account a fraction of the retail cost.”
Here’s the list in full:
| Rank | Top targeted brands |
| 1. | Riotgames.com |
| 2. | Netflix |
| 3. | Spotify.com |
| 4. | Origin.com |
| 5. | Ea.com |
| 6. | Sonyentertainmentnetwork.com |
| 7. | Live.com |
| 8. | Crackingcore.com |
| 9. | Realitykings.com |
| 10. | Xbox.com |
| 8. | Amazon.com |
| 12. | Adobe.com |
| 13. | Wwe.com |
| 14. | Steampowered.com |
| 15. | Deezer.com |
| 16. | Facebook.com |
| 17. | Beatsmusic.com |
| 18. | Yahoo.com |
| 19. | Rapidgator.net |
| 20. | Hitleap.com |
The most hacked industries
DynaRisk also investigated the most hacked industries and discovered that hackers consistently target pornography sites “possibly to cash in on the sensitive nature of the content.”
Here is the full list of targeted industries:
| Row labels | % |
| Non-standard content | 31.7% |
| Technology & computing | 22.1% |
| Adult and niche | 13.9% |
| Hobbies & Interests | 9.4% |
| Arts & Entertainment | 4.1% |
| Shopping | 1.3% |
| Illegal Content | 2.5% |
| Business | 2.2% |
| Personal finance | 1.9% |
| Sports | 1.4% |
| Society | 1.3% |
| Food & Drink | 1.2% |
| Education | 0.7% |
| Travel | 0.6% |
| Style & Fashion | 0.6% |
| Law | 0.4% |
| News/Weather/Information | 0.4% |
| VPNs/Proxies & Filter | 0.3% |
| Automotive | 0.3% |
| Home & Garden | 0.1% |
| Couponing | 0.1% |
| Unmoderated UGC/Message board | 0.1% |
| Pets | 0.1% |
| Careers | 0.1% |
| Science | 0.1% |
| Mac support | 0.1% |
| Health & Fitness | 0.1% |
| Antivirus Software | 0.1% |
| TV & Video | 0.1% |
| Web design/HTML | 0.1% |
The risks
The folks at Dynarisk point out that huge caches of stolen data can be utilized for account takeovers–where hackers will attempt to log into legitimate user accounts using username and password combinations obtained from data breaches.
Andrew Martin, DynaRisk’s CEO, thinks people need to be more concerned about the way in which big brands are handling their data. “Consumers’ number one concern might not be the security of their personal data when they are enjoying the content offered by their favorite digital entertainment brands–but they shouldn’t assume that brands are taking care of their information.
“Recent high-profile data concerns on social media platforms has likely alerted consumers to the ease with which data and personal information can be stolen or misused by third parties. However they might not have the same awareness of the risks to accounts on services like Netflix being attacked.”
What to do now
I have said it before and I will repeat it again (until people listen): Password security is integral. If a password has been breached once, it can be used again by attackers who will throw credentials at other services in so-called credential stuffing attacks.
That is why you should always have strong, unique passwords across services. The best way to do this is to use a password manager such as LastPass or 1Password. You can also find out if your email address or password has been caught up in a breach by using the highly esteemed HaveIBeenPwned service–which has done so well, it is currently up for sale.
At the same time, use 2-factor authentication where possible and make sure your software is up to date. Breaches continue to happen every day and they take advantage of weak security. Being aware of this and taking small simple steps to secure yourself can make all the difference.
