Credential Stuffing definition in Cybersecurity

Credential stuffing is an attack method where attackers use lists of known usernames and passwords to gain unauthorized access to accounts, exploiting the reuse of credentials across services.

Notable Incidents

  1. The massive attack on Spotify accounts in 2020, utilizing previously breached username and password pairs.
  2. Dunkin' Donuts account credential stuffing attacks in 2019, affecting DD Perks rewards program members.

How to Protect Your Network against Credential Stuffing

  1. Implement rate limiting and CAPTCHA mechanisms.
  2. Encourage or enforce the use of multi-factor authentication (MFA).
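
The rate-limiting step above, sketched as an added example (not code from any product named on this page). Credential stuffing spreads guesses across many accounts, so the limiter counts distinct usernames with failed logins per source address rather than failures per account; the class name, thresholds and sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque


class StuffingLimiter:
    """Sliding-window limiter keyed on source address (hypothetical helper)."""

    def __init__(self, window_s=300, max_users=5):
        self.window_s = window_s      # assumed look-back window, seconds
        self.max_users = max_users    # assumed distinct-username threshold
        self.failures = defaultdict(deque)  # source -> deque of (ts, username)

    def distinct_failed_users(self, source, now):
        q = self.failures.get(source)
        if q is None:
            return 0
        while q and q[0][0] <= now - self.window_s:
            q.popleft()               # drop failures older than the window
        return len({user for _, user in q})

    def check(self, source, now):
        """Call before verifying the password; 'challenge' means CAPTCHA or MFA step-up."""
        over = self.distinct_failed_users(source, now) >= self.max_users
        return "challenge" if over else "allow"

    def record_failure(self, source, username, now):
        self.failures[source].append((now, username.lower()))


def replay(events, limiter):
    """Feed (ts, source, username, success) tuples through the limiter."""
    decisions = []
    for ts, source, username, success in events:
        decision = limiter.check(source, ts)
        decisions.append((source, username, decision))
        # A challenged request never reaches password verification.
        if decision == "allow" and not success:
            limiter.record_failure(source, username, ts)
    return decisions


# Constructed sample traffic: one source walking a list of accounts, and one
# ordinary user who mistypes a password twice before getting it right.
SAMPLE = [(i, "203.0.113.7", f"user{i}@example.com", False) for i in range(8)]
SAMPLE += [(3, "198.51.100.20", "alice@example.com", False),
           (4, "198.51.100.20", "alice@example.com", False),
           (5, "198.51.100.20", "alice@example.com", True)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for row in replay(SAMPLE, StuffingLimiter()):
        print(*row)
```

A per-source counter alone misses attacks distributed across many addresses, which is why the list pairs rate limiting with MFA.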