In credential stuffing attacks, threat actors leverage stolen or leaked credentials like usernames and passwords to break into user accounts illicitly.By CISOMAG – September 21, 2021SHARE FacebookTwitter

Credential stuffing attacks
Read Aloud

Thwarting cyberattacks has become highly complicated today. Unauthorized intrusions have seen a surge despite security measures implemented by internet users and corporates to safeguard their accounts and data. These intrusions often expose consumers to credential stuffing attacks, making it even more difficult for organizations to detect and respond.

By Rudra Srinivas, Feature Writer, CISO MAG

What are Credential Stuffing Attacks?

In credential stuffing attacks, threat actors leverage stolen or leaked credentials like usernames and passwords to break into user accounts illicitly. Adversaries launch a credential stuffing attack by adding a list of compromised usernames and passwords to botnets or automated tools that initiate the authentication process on various websites.

After compromising user accounts, attackers launch identity theft, phishing, impersonation scams, and other data abuse acts. They mainly obtain user credentials via data breaches or purchase them on the dark web underground markets.

Credential Stuffing vs Brute Force Attacks

In brute-force attacks, attackers guess passwords using dictionaries or common word combinations to penetrate user accounts. Whereas in credential stuffing attacks, hackers rely on legitimate credentials obtained from data leaks and misconfigured servers.

Successful credential stuffing attacks allow hackers to perform

  • Trade compromised account credentials on the dark web.
  • E-commerce frauds.
  • Corporate espionage campaigns.
  • Identity theft.
  • Brand impersonation attacks.

Credential Stuffing Attack Landscape 

Compared to brute-force attacks, credential stuffing attacks are easy to execute and have a higher success rate because most users keep/reuse the same passwords for different accounts. This allows adversaries to compromise multiple accounts after gaining access to one account. The easy availability of stolen/leaked credentials in underground darknet markets has led to credential stuffing attacks and account takeover (ATO) attacks.

According to a report, the number of corporate credentials with plaintext passwords on the darknet market has increased by 429% since March 2020. Hackers can also monitor an organization’s corporate network and access sensitive data, intellectual property, competitive information, or funds. Several industry vectors have sustained the rise of credential stuffing attacks lately. As per a survey report, credential stuffing attacks on the media industry have increased. Nearly 20% of the 88 billion total credential stuffing attacks were reported on media and video streaming companies. The report also found a 63% year-over-year increase in attacks against the media sector, followed by broadcast TV (630%) and video sites (208%).


Strong usernames and passwords won’t prevent hackers from accessing user accounts. Here are some security measures to protect online accounts against credential stuffing attacks:

  • Enable passwordless authentication process.
  • Use continuous authentication systems like biometrics or behavioral patterns to verify the user’s authenticity.
  • Enable Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA).
  • Avoid reusing leaked/breached credentials.
  • Check whether your credentials or personal data have been leaked in any data breach at haveibeenpwned.