Credential Stuffing

Category: science

An automated cyberattack where threat actors feed lists of leaked username and password pairs into web login interfaces.

Credential stuffing exploits human behavior: the tendency for users to recycle identical passwords across distinct sites. Hackers take a password dump leaked from an old public breach and use botnets to automatically test those pairs against target banking or insurance portals.

Common Examples

  • Our security gateway identified a credential stuffing attack when a single IP block attempted forty distinct logins within a minute.
  • Enforcing custom rate limits combined with active multi-factor authentication breaks the utility of automated credential stuffing lists.
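The gateway rule in the first example sentence (forty distinct logins from one IP block within a minute) can be written as a sliding-window detector. This is an added example, not code from the original page; the /24 block size, the `(timestamp, ip, username)` event format and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)  # "within a minute"
THRESHOLD = 40                 # "forty distinct logins"

def block_of(ip, prefix=24):
    """Assumption: an "IP block" is the enclosing IPv4 /24."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def detect(events, window=WINDOW, threshold=THRESHOLD):
    """events: (timestamp, ip, username) tuples sorted by time.
    Returns {block: time the distinct-username threshold was first reached}."""
    recent = defaultdict(deque)   # block -> attempts still inside the window
    users = defaultdict(Counter)  # block -> per-username counts in the window
    alerts = {}
    for ts, ip, user in events:
        block = block_of(ip)
        q, seen = recent[block], users[block]
        q.append((ts, user))
        seen[user] += 1
        while ts - q[0][0] >= window:  # expire attempts older than the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= threshold and block not in alerts:
            alerts[block] = ts
    return alerts

def sample_events():
    """Constructed sample data using documentation-only address ranges."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    ev = []
    for i in range(40):
        # One block, rotating hosts, a new username every second.
        ev.append((t0 + timedelta(seconds=i), f"203.0.113.{10 + i}", f"user{i:02d}"))
        # Same number of distinct usernames, spread over more than three minutes.
        ev.append((t0 + timedelta(seconds=5 * i), f"192.0.2.{10 + i}", f"slow{i:02d}"))
    for i in range(45):
        # One person retrying their own account: many attempts, one username.
        ev.append((t0 + timedelta(seconds=i), "198.51.100.7", "alice"))
    return sorted(ev)

if __name__ == "__main__":
    for block, when in detect(sample_events()).items():
        print(f"ALERT {block} reached {THRESHOLD} distinct usernames at {when}")
```

Counting distinct usernames rather than raw attempts keeps a single user retrying a forgotten password from triggering the rule, while grouping by block catches a source that rotates addresses inside one range.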

AvoCoLab – Community, News & Market Intelligence