Thom explains credential stuffing.
Thom from our technical team gives an explanation of what credential stuffing is.
When professionals mention credential stuffing attacks, what they are usually referring to is the process of brute-forcing username-password pairs into applications in order to get a valid login. For an attacker, this process can be automated to iterate through hundreds of thousands of credentials – perhaps captured from data breaches – to find a correct username-password pair. Valid combinations may be used by attackers to conduct fraud, or as a way of discovering passwords a user is likely to use – this information can then be used on yet more services.