Learning Center - What is credential stuffing? | Credential stuffing vs. brute force attacks

Credential stuffing is a cyber attack in which collections of login credentials stolen in a data breach of one service are used to attempt to log in to accounts on other, unrelated services.

For example, an attacker may take a list of usernames and passwords obtained from a breach of a major department store, and use the same login credentials to try and log in to the site of a national bank. The attacker is hoping that some fraction of those department store customers also have an account at that bank, and that they reused the same usernames and passwords for both services.

Credential stuffing is widespread thanks to massive lists of breached credentials being traded and sold on the black market. The proliferation of these lists, combined with advancements in credential stuffing tools that use bots to get around traditional login protections, has made credential stuffing a popular attack vector. Learn more in the Cloudflare Learning Center.


Knowledge in Action
Protect your site from bad bots with a few clicks. One-Click Bot Mitigation is available on our Pro and Business Plans. Get started here.

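For defenders, the attack described above leaves a recognizable shape in login logs: one source tries many different usernames about once each and almost all attempts fail, whereas a brute force attack (the contrast named in the title) repeats guesses against the same account. The following is an added example, not part of the original post or any Cloudflare product; the event format, thresholds, function names and sample data are all constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed (source_ip, username, succeeded) events; not real log data."""
    events = []
    # Source A: 40 different usernames, one attempt each, a single hit.
    for i in range(40):
        events.append(("203.0.113.10", f"user{i}", i == 17))
    # Source B: one username guessed 30 times, never successfully.
    for _ in range(30):
        events.append(("198.51.100.7", "admin", False))
    # Source C: an ordinary user who mistypes once, then logs in.
    events.append(("192.0.2.55", "alice", False))
    events.append(("192.0.2.55", "alice", True))
    return events

def classify_sources(events, min_attempts=20, min_fail_rate=0.9):
    """Label each source by the shape of its attempts (illustrative thresholds)."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "users": set()})
    for ip, user, ok in events:
        s = stats[ip]
        s["attempts"] += 1
        s["failures"] += 0 if ok else 1
        s["users"].add(user)
    labels = {}
    for ip, s in stats.items():
        fail_rate = s["failures"] / s["attempts"]
        attempts_per_user = s["attempts"] / len(s["users"])
        if s["attempts"] < min_attempts or fail_rate < min_fail_rate:
            labels[ip] = "normal"
        elif attempts_per_user <= 2:
            # Many accounts, one or two tries each: reused breached pairs.
            labels[ip] = "credential_stuffing"
        else:
            # Few accounts, many tries each: password guessing.
            labels[ip] = "brute_force"
    return labels

def accounts_to_reset(events, labels):
    """Usernames that logged in successfully from a stuffing source."""
    return {user for ip, user, ok in events
            if ok and labels.get(ip) == "credential_stuffing"}

if __name__ == "__main__":
    events = build_sample_events()
    labels = classify_sources(events)
    for ip in sorted(labels):
        print(ip, labels[ip])
    print("force password reset for:", sorted(accounts_to_reset(events, labels)))
```

Grouping by source IP is the simplest key; because the bots mentioned above can spread attempts across many addresses, the same counting can be applied to any other grouping key a site records.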
