Resource Centre > Research Gateway > F5 Networks Inc > Credential Stuffing: A Security Epidemic

Credential Stuffing: A Security Epidemic

F5 Networks Inc

In a credential stuffing attack, cybercriminals turn to the dark web to purchase previously stolen usernames and passwords. They then make repeated attempts with automated tools to “stuff” the login fields of other websites with the credentials to gain access to accounts held by corporate users or customers. When a “stuffing” attempt is successful, the attacker uses the account for fraudulent purposes. There’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts. 

These attacks wouldn’t be successful if people used different usernames and passwords for each site or application they access. Instead of taking the time and energy to craft unique credentials for each of their many accounts, nearly three out of four users reuse and recycle credentials across accounts.

Email this page
Published:  Dec 08, 2017
Length:  9
Type:  White Paper
Tags : 
data breach, credential stuffing, system security, security