What is Credential Stuffing?
Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.
81% of hacker related breaches comes from internet credential theft
What are examples of credential stuffing?
Password guessing, attackers use common passwords and try specific or common usernames across many sites to gain access. Combat this by choosing strong passwords and changing them every so often.
Phishing, uses some pretext to have a person reveal their credentials directly or send them to a site that does the same. Make sure you pay attention to see if the ask is coming from a valid source or not.
Password reuse abuse, attackers will take credentials stolen from one site and try them on other sites. Try using a different password for each site.