CREDENTIAL STUFFING

Credential Stuffing

Credential stuffing occurs when a cybercriminal obtains a large number of stolen or leaked login credentials - username and password pairs - for one website and tests them on the login pages of other websites. The attacker's goal is to gain unauthorized access to as many user accounts as possible and then carry out other attacks or fraudulent activities. Those could involve account takeovers (ATOs) that enable attackers to drain money from bank accounts, make large purchases, or steal identities to create new, fraudulent accounts.

At worst, an attacker tries to escalate user privileges to gain a foothold in an organization's network and carry out more serious attacks. Using readily available attack tools, cybercriminals can feed (or 'stuff') hundreds of thousands or even millions of compromised credentials into the login pages of one or more websites at a time.

Works Cited

Click to Expand

Images:

https://auth0.com/blog/what-is-credential-stuffing/

Information:

https://www.f5.com/labs/articles/education/what-is-credential-stuffing-

Previous Page - Brute Force Attack

Next Page - Cross Site Scripting (XSS)

Page updated

Google Sites

Report abuse