What is Credential Stuffing?
Credential stuffing is a type of cyberattack in which hackers obtain large numbers of usernames and passwords and attempt to "stuff" those credentials into the login pages of other digital services. Because people often use the same username across multiple platforms, hackers can use the information gathered from credential stuffing to unlock various accounts. With automated tools, they can attempt thousands of login credentials in a matter of minutes. In recent years, hundreds of millions of credentials have been stolen and sold to commit fraud.
How to Prevent Credential Stuffing
When customers use the same email and password combinations across multiple online accounts, cybercriminals can exploit this opportunity to attempt logins using stolen credentials across various sites. To protect your information, regardless of which platform you are using, the following is recommended:
- Avoid generic usernames that include your first or last name, or first initial and last name.
  - Example: Avoid Jdoe or JaneDoe. Simple usernames are easy to exploit. Instead, try J@n3D0e.
- Include numbers and special characters in both your usernames and passwords.
- Frequently change your account usernames and passwords.
- Use different usernames and passwords across online platforms.
- When possible, avoid using your email address as a username.
- Create unique passwords that vary across different platforms.
  - According to a 2020 survey conducted by a data analytics firm, nearly 60 percent of respondents reported reusing one or more passwords across multiple accounts.