Credential Stuffing

Credential stuffing is a type of cyberattack where cybercriminals exploit stolen usernames and passwords from one organization to gain unauthorized access to user accounts at another organization. These credentials are often obtained through data breaches or purchased from the dark web, leading to a growing opportunity for cybercriminals due to the vast number of compromised credentials available.

To execute a credential stuffing attack, cybercriminals utilize a botnet, a network of automated bots, to systematically try stolen username and password pairs on multiple websites simultaneously. These large-scale botnet attacks can overwhelm a business’s IT infrastructure, causing websites to experience significantly increased traffic during the attack.

Once cybercriminals identify a website where a set of credentials works, they gain access to the user’s account and personal data, enabling them to engage in various illicit activities:

• Selling access to compromised accounts: Media streaming services like Disney+, Netflix, and Spotify are often targeted, with hackers selling access to user accounts for a fraction of the actual subscription cost.
• E-commerce fraud: Hackers impersonate legitimate users on retailers’ websites and order high-value products for personal use or resale, leading to potential financial losses and identity theft.
• Corporate/institutional espionage and theft: One of the most severe consequences of credential stuffing involves hackers gaining access to employee or administrator accounts. This access allows them to extract sensitive personal information, such as credit card numbers, social security numbers, addresses, and login credentials, which they can then sell to the highest bidder, causing significant harm to merchants and their customers.