Collecting (stealing) credentials is a favourite pastime of threat actors – either to break into accounts directly or to add them to their credential stuffing attacks (looking for those people who reuse passwords) or just to sell on the dark web!
Here they are doing it to users of the streaming service Plex:
User details exposed in attack on Plex streaming service • The Register
Your takeaway from this attack, watch out for those unexpected password reset requests.
Further Reading
FBI Credential Stuffing warning – Smart Thinking Solutions
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.