Skip to main content

Thom explains credential stuffing.

Thom from our technical team gives an explanation of what credential stuffing is

Video transcript:

When professionals mention credential stuffing attacks, what they are usually referring to is the process of brute-forcing username-password pairs into applications in order to get a valid login. For an attacker, this process can be automated to iterate through hundreds of thousands of credentials – perhaps captured from data breaches – to find a correct username-password pair. Valid combinations may be used by attackers to conduct fraud, or as a way of discovering passwords a user is likely to use – this information can then be used on yet more services.