Credential stuffing attack is an form of an attack with uses the stolen username/password from one website and uses those credentials to login to other websites. Attackers uses an specific tools to send the stolen credentials from one website to other websites. This types of attacks are successful to gain access of other’s accounts since there are many people that uses an same credential for multiple websites.
Credential stuffing attack work by attacker first gaining access to the credential from the previous data breach. Then the attacker uses an specific software to inject those and other hundred or thousands of credentials to targeted websites. Once the attacker is able to obtain the access to the users account attacker would be able to get all the personal information of the user that is being saved on that account.
There are many ways to save your accounts from this credential stuffing attack. One of the way to protect the account is by using different password on all of the accounts. Another way to protect the account from this attack is to use the multi-factor authentication.
Reference:
Bannister, A. 2020. Credential stuffing attacks: How to protect your accounts from being compromised. Retrieved from: https://portswigger.net/daily-swig/credential-stuffing-attacks-how-to-protect-your-accounts-from-being-compromised
Leave a Reply
You must be logged in to post a comment.