Credential Stuffing

An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts through large-scale login attempts.

Also known as: Password Stuffing, Credential Spraying

What is Credential Stuffing?

Credential stuffing is a type of cyberattack where stolen credentials from data breaches are used to attempt logins on other services. It exploits the common practice of password reuse across multiple accounts.

How It Works

  1. Obtain Credentials

    • Purchase from dark web
    • Harvest from breaches
    • Compile from leaks
  2. Automate Attacks

    • Use botnets
    • Proxy rotation
    • Captcha solving
  3. Test Credentials

    • Large-scale login attempts
    • Across multiple services
  4. Exploit Access

    • Account takeover
    • Data theft
    • Fraud

Attack Characteristics

Scale

  • Millions of attempts
  • Automated tools
  • Distributed sources

Stealth

  • Valid credential format
  • Mimics normal traffic
  • Proxy rotation

Success Rate

  • Typically 0.1-2%
  • Profitable at scale
  • Targets valuable accounts

Defense Strategies

Detection

  • Rate limiting
  • Behavioral analysis
  • Failed login monitoring
  • Bot detection
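The failed-login monitoring described above, as an added example that is not part of the original page: it scans constructed authentication log lines for two credential-stuffing signals (one source IP failing against many distinct usernames, and one username attacked from many rotating IPs) and lists successful logins from a flagged IP as candidates for a forced password reset. The log format and the thresholds are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real data, not from the original page).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.5 user=erin result=SUCCESS
2024-05-01T10:00:04Z ip=198.51.100.1 user=frank result=FAIL
2024-05-01T10:00:05Z ip=198.51.100.2 user=frank result=FAIL
2024-05-01T10:00:06Z ip=198.51.100.3 user=frank result=FAIL
2024-05-01T10:00:07Z ip=198.51.100.4 user=frank result=FAIL
2024-05-01T10:00:08Z ip=192.0.2.9 user=grace result=FAIL
2024-05-01T10:00:09Z ip=192.0.2.9 user=grace result=SUCCESS
"""

# Assumed log layout: "<timestamp> ip=<addr> user=<name> result=<FAIL|SUCCESS>".
LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")


def parse_events(text):
    """Yield (ip, user, success) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["result"] == "SUCCESS"


def detect_stuffing(text, ip_user_threshold=4, user_ip_threshold=3):
    """Return IPs spraying many accounts, accounts hit from many IPs, and
    accounts that logged in successfully from a flagged IP (thresholds are
    illustrative assumptions, not values from the page)."""
    users_failed_per_ip = defaultdict(set)   # ip -> usernames that failed
    ips_failed_per_user = defaultdict(set)   # user -> IPs that failed
    successes = []                           # (ip, user) for successful logins
    for ip, user, ok in parse_events(text):
        if ok:
            successes.append((ip, user))
        else:
            users_failed_per_ip[ip].add(user)
            ips_failed_per_user[user].add(ip)
    flagged_ips = {ip for ip, u in users_failed_per_ip.items() if len(u) >= ip_user_threshold}
    return {
        "suspicious_ips": sorted(flagged_ips),
        "targeted_users": sorted(u for u, ips in ips_failed_per_user.items()
                                 if len(ips) >= user_ip_threshold),
        # Successful logins from a flagged IP are likely takeovers: reset and notify.
        "compromised_candidates": sorted(user for ip, user in successes if ip in flagged_ips),
    }
```

Run against a real log stream the thresholds would be tuned per service, and a sliding time window added, since a single bot fails against far more than four accounts per minute.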

Prevention

  • MFA requirement
  • Password policies
  • Credential monitoring
  • CAPTCHA (limited effectiveness)

Response

  • Account lockouts
  • Password resets
  • User notification
  • Incident response

Tools and Techniques

Attack Tools

  • Sentry MBA
  • OpenBullet
  • Custom scripts

Defense Tools

  • Bot management
  • WAF rules
  • Threat intelligence