
In today’s interconnected world, cybercriminals have no shortage of tactics they can use to harm businesses and individuals. One such threat vector leveraged by criminals is credential stuffing.

What is credential stuffing?

Credential stuffing is a type of cyberattack where cybercriminals use compromised login credentials to gain access to additional accounts and systems. During a credential stuffing attack, cybercriminals use automated tools to test a set of usernames and passwords against various websites and applications. Credential stuffing works because people tend to use the same username and password for various accounts. Once a cybercriminal gains access to a new account during a credential stuffing attack, they can then inflict damage on a business by transferring funds, stealing information, taking down systems or committing other illicit activities.

Let’s take a closer look at credential stuffing attacks and how insurance agents can help their clients prevent or limit the damage caused by these attacks.

How cybercriminals deploy credential stuffing attacks

While each credential stuffing attack differs and tactics are ever-evolving, most credential stuffing attacks follow a general pattern, which often includes the following steps:

  1. Stealing login credentials

    The cybercriminal gains access to a list of usernames and passwords from various victims. These are typically obtained via phishing scams or dark web purchases.

  2. Leveraging a botnet

    The cybercriminal takes their list of stolen usernames and passwords and tests combinations across multiple websites and systems. To automate this process, cybercriminals will often leverage a botnet, which is a network of devices (e.g., computers, smartphones or Internet of Things (IoT) devices) that have been infected with malware and are controlled remotely by a single attacker or a group of attackers. Put simply, each infected device in a botnet can be programmed to attempt logins on different websites simultaneously, drastically increasing the speed and scale of the attack.

  3. Determining successful login attempts

    Once the botnet has tested the credentials, the cybercriminal identifies any successful login attempts and takes note of the accounts or systems they can now access.

  4. Carrying out malicious activity

    Having gained access to accounts, systems and data, the cybercriminal engages in harmful activities. This can include, but is not limited to, manipulating account settings, leaking sensitive data, making unauthorized purchases or money transfers or conducting further cyberattacks.
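
Seen from the defender's side, steps 2 and 3 leave a recognizable trace in login logs: many attempts in a short window, nearly all failing, almost every one naming a different account, spread across several source addresses. The Python below is an added example, not part of the original article; the event format, the thresholds, the sample log rows and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success).
# Three bot IPs walk a 10-entry credential list; "erin" is a real user who mistypes once.
BOT_IPS = ["203.0.113.5", "198.51.100.7", "203.0.113.9"]
SAMPLE_EVENTS = [(10 + 5 * i, BOT_IPS[i % 3], f"user{i:02d}", i == 6) for i in range(10)]
SAMPLE_EVENTS += [(40, "192.0.2.10", "erin", False), (55, "192.0.2.10", "erin", True)]
SAMPLE_EVENTS += [(700, "192.0.2.20", "frank", True), (720, "192.0.2.21", "gina", True)]


def find_stuffing_windows(events, window_s=300, min_attempts=8,
                          min_fail_ratio=0.8, min_user_spread=0.8):
    """Flag fixed windows that look like credential stuffing (thresholds are illustrative)."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window_s].append((ip, user, ok))

    findings = []
    for bucket, rows in sorted(buckets.items()):
        attempts = len(rows)
        if attempts < min_attempts:
            continue
        fail_ratio = sum(1 for _, _, ok in rows if not ok) / attempts
        # Near 1.0 means almost every attempt names a different account: the
        # mark of a credential list rather than one person retrying a password.
        user_spread = len({user for _, user, _ in rows}) / attempts
        if fail_ratio < min_fail_ratio or user_spread < min_user_spread:
            continue
        failed_by_ip = defaultdict(set)
        for ip, user, ok in rows:
            if not ok:
                failed_by_ip[ip].add(user)
        # A success from an IP that also failed against *other* accounts is a
        # likely takeover; a user who only mistyped their own password is not.
        at_risk = sorted({user for ip, user, ok in rows
                          if ok and failed_by_ip[ip] - {user}})
        findings.append({
            "window_start": bucket * window_s,
            "attempts": attempts,
            "distinct_ips": len({ip for ip, _, _ in rows}),
            "fail_ratio": round(fail_ratio, 2),
            "accounts_to_reset": at_risk,
        })
    return findings


if __name__ == "__main__":
    for finding in find_stuffing_windows(SAMPLE_EVENTS):
        print(finding)
```

Counting attempts per source address alone would miss this pattern, because each infected device makes only a few attempts; the site-wide window is what exposes it.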

Why credential stuffing attacks are increasing

In recent years, credential stuffing cyberattacks have become a growing concern for individuals and businesses, as these types of attacks have increased in both frequency and severity. There are several reasons behind this trend, including the following:

  • Access to credentials—Driven by an increase in data breaches, the number of login credentials exposed online has surged in recent years. This has made it easier for cybercriminals to obtain stolen usernames and passwords, leading to a rise in credential stuffing incidents.
  • Advancements in technology—The technology used to execute credential stuffing attacks has become more sophisticated. These advancements allow cybercriminals to circumvent traditional login security practices and test stolen credentials faster than ever before.
  • Fewer barriers to entry—The cost and skill required to conduct credential stuffing attacks have decreased, making it easier for a broader range of cybercriminals to launch such attacks. Cybersecurity experts now estimate that a credential stuffing attack can be initiated for as little as $50.
  • Challenges of increased remote work—Remote work has surged in recent years, which creates unique cybersecurity challenges. Notably, remote workers don’t have the same cybersecurity infrastructure as they would in their workplace, making them more susceptible to cyberattacks like credential stuffing.

How to prevent cyberattacks like credential stuffing

Here are some tips to help you stay safe:

  • Enable multifactor authentication—Multifactor authentication, often referred to simply as MFA, is an identity verification method in which a user must supply at least two pieces of evidence, such as their password and a temporary passcode, to prove their identity. MFA can help guard against credential stuffing attacks because cybercriminals will often have only the account credentials and not access to the information or device necessary to complete the MFA process.
  • Establish strong password and username protocols—Successful credential stuffing attacks often rely on people using the same username and password across multiple services. Experts advise creating a unique password for each account.

It’s a good idea to monitor your accounts for suspicious activity. If you suspect your passwords are compromised, change your passwords right away. By remaining aware of common cybersecurity threats, you can defend yourself against identity theft, financial loss and other harmful impacts of cyberattacks.

The information included here is designed for informational purposes only. It is not legal, tax, financial or any other sort of advice, nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate in parts. It is the reader’s responsibility to comply with any applicable local, state or federal regulations. Nationwide Mutual Insurance Company, its affiliates and their employees make no warranties about the information nor guarantee of results, and they assume no liability in connection with the information provided.