Credential Stuffing

7th May 2020 | Cybrary Credential Stuffing



Credential stuffing is the automated injection of stolen username and password credentials into a web authentication function in the hope of gaining unauthorized access to user accounts. Once a login succeeds, the attacker quickly takes over the account. At this point the hacker may perform fraudulent financial transactions or, in the case of an email account, scrape the account's sent and deleted items folders for every email address available. They will likely target these individuals with new phishing attacks, pretending to be the trusted party whose account has been hacked.

Hackers generally obtain these stolen credentials when users click on phishing links and enter their account information on fake website logins. Alternatively, they can purchase username and password databases on the dark web. Finally, professional hackers will breach popular websites and steal the password database, hoping the passwords have not been properly protected with salted, iterated hashing.

Source: Secret Security Wiki

Additional Reading: The Evolving Threat of Credential Stuffing

Related Terms: Phishing, Spear-Phishing, Trojan Horse

What should you do as an SMB?

Credential stuffing is another cyber attack that can be mitigated through proper cybersecurity education and awareness. Educating employees and using CyberHoot’s new phishing tests can reduce the likelihood of a security breach caused by a user entering credentials on a malicious site. The best way to defend against this type of attack is through proper password hygiene and training employees and staff on the dangers of phishing. Proper password hygiene can be simplified into the following steps:

  • Require employees to use a Password Manager;
  • Require employees to use a unique, complex 14+ character password or passphrase for each account;
  • Require Two-Factor Authentication on all Internet-facing accounts;
  • Require employees to change the passwords on any accounts where the password isn’t unique;
  • Use CyberHoot’s Dark Web search tool to see if any of your accounts have been exposed through online website breaches.
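
Seen from the login endpoint, the automated injection described in the definition shows up as one source trying many different usernames in a short time, with most attempts failing. The Python below is an added example, not part of the original page or of CyberHoot's tooling; the event tuple layout, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict

def detect_stuffing(events, window=300, min_users=5, max_success_ratio=0.25):
    """Flag sources that try >= min_users distinct usernames within `window`
    seconds while mostly failing. Returns {source_ip: usernames that logged in
    successfully from that source}, i.e. the accounts to lock and reset first."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the left edge until the span is at most `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(users) >= min_users and successes / len(chunk) <= max_success_ratio:
                # Any success from a flagged source is a likely account takeover.
                flagged[ip] = sorted({u for _, u, ok in rows if ok})
                break
    return flagged

# Constructed sample events: (unix_seconds, source_ip, username, login_succeeded).
# Addresses are from the documentation ranges (RFC 5737).
STUFFER = [(1000 + 5 * i, "203.0.113.7", f"user{i}", i == 3) for i in range(8)]
# One person mistyping their own password: a single username, so never flagged.
TYPO = [(1000 + 10 * i, "198.51.100.20", "erin", i == 3) for i in range(4)]
# Office NAT: many users behind one address, but every login succeeds.
OFFICE_NAT = [(1000 + 20 * i, "192.0.2.50", f"staff{i}", True) for i in range(6)]
SAMPLE_EVENTS = STUFFER + TYPO + OFFICE_NAT

if __name__ == "__main__":
    for ip, taken_over in detect_stuffing(SAMPLE_EVENTS).items():
        print(f"{ip}: possible credential stuffing; reset and review {taken_over}")
```

The thresholds are illustrative and need tuning against a real login baseline. Attempts spaced further apart than the window are not caught by this check alone.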
