Credential stuffing is a hacking technique where fraudsters use stolen passwords to unlock multiple user accounts and use them for several downstream frauds. Years of data exposure through incidents of a data breach, easy availability of commoditized tools, and reuse of passwords across digital accounts and websites are all contributing to the rise in credential stuffing attacks
A credential stuffing attack refers to automated or human-driven activity whereby fraudsters try to match stolen username-password combinations to find valid matches at scale. Once valid credentials are obtained, fraudsters can make money by either selling them to third parties or on the dark web or using these databases themselves to orchestrate account takeover attacks.