Credential stuffing is a type of cyber attack where a malicious person uses login information they obtained from one website to try and log in to another website, such as a bank. The attacker hopes that people used the same login information for both sites. Credential stuffing is a popular attack because cyber criminals can get lists of login information from breaches and use tools to get around traditional login protections.
The reason why credential stuffing is effective is that many people reuse passwords for multiple websites. Even though the success rate of credential stuffing is low, the huge number of login credentials being traded by attackers means they can still find success. Bot technology makes it easier for attackers to attempt many logins that appear to come from different devices and IP addresses.
To prevent credential stuffing, users should use unique passwords for each website and enable two-factor authentication. For companies, preventing credential stuffing is challenging because it occurs as a result of data breaches at other companies. However, companies can provide added login security features such as two-factor authentication and captchas to stop malicious bots. Bot management services can also help protect against credential stuffing by stopping malicious bots without impacting legitimate logins.
Looking to learn more? We suggest heading over to Cloudflare’s Learning Center for an in-depth look at about credential stuffing.
Share this:
