Credential Stuffing is the autonomous injection of stolen username and password credentials in a web authentication function in the hopes of gaining unauthorized access to user accounts. Once an account login succeeds, the attacks quickly takes over the account. At this point the hacker may perform fraudulent financial transactions, in the case of an email account they will scrape the accounts sent and deleted items folders for every last email address available to them. They will likely target these individuals with new phishing attacks pretending to be the trusted party whose account has been hacked into.
Hackers generally gain these stolen credentials through users clicking on phishing attack links and entering their account information on fake website logins. Alternately, they can purchase username and password databases on the dark web. Finally, professional hackers will breach popular websites and steal the password database hoping it hasn’t been properly encrypted with salted and iteratively hashed passwords.
Source: Secret Security Wiki
Additional Reading: The Evolving Threat of Credential Stuffing
What should you do as an SMB?
- Require employees to use a Password Manager;
- Require employees to use a unique, complex 14+ character password or passphrase for each account you use;
- Require Two-Factor Authentication on all Internet facing accounts;
- Require employees change all passwords on accounts that aren’t unique;
- Use CyberHoot’s Dark Web search tool (here) to see if any of your accounts have been exposed through online website breaches.