RSS feed Get our RSS feed

News by Topic

Credential Stuffing: A Security Epidemic

F5 Networks Inc

In a credential stuffing attack, cybercriminals turn to the dark web to purchase previously stolen usernames and passwords. They then make repeated attempts with automated tools to “stuff” the login fields of other websites with the credentials to gain access to accounts held by corporate users or customers. When a “stuffing” attempt is successful, the attacker uses the account for fraudulent purposes. There’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts. 

These attacks wouldn’t be successful if people used different usernames and passwords for each site or application they access. Instead of taking the time and energy to craft unique credentials for each of their many accounts, nearly three out of four users reuse and recycle credentials across accounts.

Tags : data breach, credential stuffing, system security, security
 Email this page
Published:  Dec 08, 2017
Length:  9
Type:  White Paper