Credential stuffing cyberattacks are alive and well, according to report from New York’s Attorney General’s office (OAG).