Browse Definitions :
Definition

credential stuffing

Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login. The exploit can allow hackers and those buying stolen credentials to access not just the accounts from the sites they are stolen from but any account where the victim uses the same password.

After obtaining credentials for a number of sites, a hacker may sell a list of user IDs, passwords and email addresses. It is common for these lists to be sold on underground or on the dark web. Whether lists are sold or used by the hacker themselves, it is likely the holder of the account details will want to get as much value from the accounts as possible.

Even though a single account was breached, it can lead to the simultaneous compromise of other sites used by the victim because the credentials are input for multiple sites using automated logins. The attacker often compromises multiple accounts before the user is aware that their account for any site has been breached.

Credential stuffing is a serious threat to both consumers and businesses, which both stand to lose money, either directly or indirectly. In retail in the United Kingdom, it is claimed that over 90 percent of logins come from credential stuffing attacks rather than authentic users. Eliminating these logins could make a significant impact on decreasing credential stuffing.

From an end-user perspective, it's recommended to create different and sufficiently strong passwords for each site. For the site or service provider, tools such as Shape Security's Blackfish or Fortinet's Fortiguard can help fight credential stuffing.

This was last updated in February 2018

Continue Reading About credential stuffing

Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

Security
  • personally identifiable information (PII)

    Personally identifiable information (PII) is any data that could potentially identify a specific individual.

  • zero-day vulnerability

    A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors ...

  • DNS attack

    A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.

CIO
  • data collection

    Data collection is the process of gathering data for use in business decision-making, strategic planning, research and other ...

  • chief trust officer

    A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence...

  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing resources.

HRSoftware
  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

  • ADP Mobile Solutions

    ADP Mobile Solutions is a self-service mobile app that enables employees to access work records such as pay, schedules, timecards...

  • director of employee engagement

    Director of employee engagement is one of the job titles for a human resources (HR) manager who is responsible for an ...

Customer Experience
  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

  • contact center schedule adherence

    Contact center schedule adherence is a standard metric used in business contact centers to determine whether contact center ...

  • customer retention

    Customer retention is a metric that measures customer loyalty, or an organization's ability to retain customers over time.

Close