Credential stuffing attacks

In a credential stuffing attack, credentials are stolen from one site – typically a username and password – and then used to gain access to accounts on other sites. These cybercrimes take advantage of the fact that many people use the same usernames and passwords across multiple sites.

Cybercriminals gain access to login credentials by hacking into sites or purchasing credentials on the dark web. They then set up an automated bot to use this account information to log in elsewhere – gaining access to banking, government, health care or e-commerce sites.

• Financial losses
• Reputation damage
• Investigation and prosecution costs
• Loss of customers

• Require multi-factor authentication when users are signing in to your site.
• Use a multi-step login process, which can make it more difficult for bots and hackers to gain access.
• Monitor traffic to your site. Credential stuffing attacks are usually automated – so if you see a spike in the number of login attempts or failed logins, you are probably under attack.
• Block IP addresses that you can connect to an automated attack.
• Limit login attempts to a certain duration or number. For example, if there are five consecutive invalid login attempts in a row, block the user.
• If your employees can gain remote access to your network, make sure they log in through a virtual private network, which will allow them to use their login credentials safely.
• Run simulated credential stuffing attacks to practice your response. You should also have a communications plan in place – as you will likely need to ask some or all of your users to reset their credentials.