Technology
Cybersecurity

Hackers Tried Recycled Passwords on More Than a Million Accounts

  • New York AG announces results of ‘credential stuffing’ inquiry
  • Officials worked with firms to improve their cybersecurity

Photographer: Thomas Trutschel/Photothek/Getty Images

Contact us:
Provide news feedback or report an error
Confidential tip?
Send a tip to our reporters
Site feedback:
Take our SurveyNew Window
By Jack Gillum
Lock
This article is for subscribers only.

More than 1 million online accounts across 17 well-known companies were the victim of hacking attempts that reused previously stolen passwords swirling around the internet, New York’s top law enforcement officer said Wednesday.

The ruse, known as a “credential stuffing attack,” involves a cyber criminal trying to repeatedly access someone’s account by deploying user names and passwords that were previously made public. User names and passwords are sometimes posted or sold on the dark web or hacking forums after being stolen in cyberattacks.

HomeBTV+Market DataOpinionAudioOriginalsMagazineEvents
News
MarketsEconomicsTechnologyPoliticsGreenCryptoAI
Work & Life
WealthPursuitsBusinessweekCityLabSportsEqualityManagement & Work
Market Data
StocksCommoditiesRates & BondsCurrenciesFuturesSectorsEconomic Calendar
Explore
NewslettersExplainersPointed News QuizAlphadots GameThe Big TakeGraphicsSubmit a TipAbout Us
Terms of ServiceTrademarksPrivacy Policy
CareersAdvertise
Ad Choices
Help©2026 Bloomberg L.P. All Rights Reserved.