Keeper’s Guide to Credential Stuffing Attacks

Learn to Understand, Detect, and Protect against Credential Stuffing Attacks

Credential stuffing attacks can put personal and business data at serious risk. Here, we’ll take a closer look at credential stuffing attacks, how to detect them, how to protect against them and why they’re such a threat to both businesses and individuals.

What is Credential Stuffing?

A credential stuffing attack is when a cybercriminal uses a set of credentials to attempt to gain access to several accounts at once. Credential stuffing is so effective because nearly two-thirds of internet users reuse their passwords. Cybercriminals enter the stolen credentials into thousands of websites over the course of a few minutes or several hours, compromising everything from social media accounts to proprietary company software and beyond.


How do Credential Stuffing Attacks work?

A credential stuffing attack depends on the reuse of passwords. With so many people reusing their passwords for multiple accounts, just one set of credentials is enough to expose most or all of their accounts. Cybercriminals use tools such as botnets to execute multi-front attacks across multiple devices, expanding their attack capabilities with just one set of credentials.

It’s estimated that about 80% of all data breaches are linked to compromised passwords, which begs the question: why are so many people still using one password for their accounts?

When an attacker is successful in a credential stuffing attack, they can potentially take control of a user’s bank information, social media accounts and more. This can lead to outright theft of money or other assets, extortion or identity theft.

Credential Stuffing vs Password Spraying

Credential stuffing and password spraying are similar, but password spraying depends on a username rather than a full set of credentials. Password spraying involves taking a verified username and plugging it into several accounts in combination with several different common passwords. If a user doesn’t practice good password habits, most or all of their accounts can be jeopardized by guessing common passwords.

How to Detect Credential Stuffing Attacks

Detecting a credential stuffing attack early on can give you ample time to react and protect your accounts. Here’s how:

For Personal Users

  • Detecting a credential stuffing attack can be as simple as requiring 2FA/MFA verification for every account. That will give you a warning if someone may be tampering with your accounts, and it requires an extra set of credentials to log in to the account.
  • Keeper BreachWatch® is also an identity protection tool that monitors the dark web for breached accounts and alerts you instantly if any stolen credentials match yours.

For Business Users

  • Anomaly detectors for bot traffic. These tools help detect anomalies in incoming web traffic and notify you of incoming bots. Credential stuffing depends on automated bots that can quickly plug in credentials, so detecting them can lead to early action.
  • Regularly scanning breach databases for shared logins. Performing regular system maintenance that includes scanning databases can provide early warning and perhaps mitigate the damage caused by a data breach.
  • Use device and browser fingerprinting. Biometric credentials make for strong, unique logins. Combining a password with a biometric credential can make an account 10x stronger.
  • Monitoring VPNs.
  • BreachWatch for Business. BreachWatch is also a powerful business dark web monitoring tool that constantly scans employees’ Keeper Vaults for passwords that have been exposed. It immediately alerts you to take action and protect your organization.
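
As an added example (not Keeper's code), the bot-traffic signal described above can be expressed as a sliding-window check over login events: one source trying many distinct usernames with almost every attempt failing. The event tuple layout, the thresholds and the function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, login succeeded)
SAMPLE_EVENTS = (
    [(f"2024-01-01T10:00:{i:02d}", "203.0.113.7", f"user{i}@example.com", i == 17)
     for i in range(30)]                      # one IP, 30 different accounts, 1 hit
    + [(f"2024-01-01T10:01:{i:02d}", "198.51.100.4", "alice@example.com", i == 3)
       for i in range(4)]                     # a user mistyping their own password
)

def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=20, min_fail_ratio=0.9):
    """Return {ip: details} for IPs whose recent logins look like credential stuffing.

    Signal: within `window`, one source tries many *distinct* usernames and almost
    all attempts fail. Thresholds are illustrative assumptions, not vendor values.
    """
    recent = defaultdict(deque)   # ip -> deque of (time, username, ok) inside window
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, user, ok))
        while q and now - q[0][0] > window:   # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, s in q if not s)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            # Accounts that succeeded inside a flagged burst are likely compromised.
            hits = {u for _, u, s in q if s}
            prev = flagged.get(ip, {"distinct_users": 0, "compromised": []})
            flagged[ip] = {
                "distinct_users": max(prev["distinct_users"], len(users)),
                "compromised": sorted(set(prev["compromised"]) | hits),
            }
    return flagged
```

A botnet spreads attempts across many addresses, so the same window can also be keyed on ASN or on the login endpoint as a whole; accounts listed under `compromised` are the ones to force a password reset on.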

How to Prevent Credential Stuffing Attacks

For Personal Users

  • Use MFA/2FA whenever possible
  • Educate yourself about password security
  • Use a password manager like Keeper to auto-generate strong, random passwords and secure login credentials
  • Don’t reuse passwords
  • Use complex security questions alongside solid login credentials

For Business Users

  • Implement MFA/2FA for all company accounts
  • Use CAPTCHAs for login pages
  • Improve company-wide education about passwords and cybersecurity
  • Enact strict cybersecurity policies
  • Limit traffic from Autonomous System Numbers
  • Use a Web Application Firewall (WAF)
  • Limit authentication requests/login attempts using IP block-listing
  • Keep a running list/block of known bad IPs from web info/history
  • Use BreachWatch for your business

Examples of Credential Stuffing in the News

Dunkin Donuts Credential Stuffing Attack

The popular food chain Dunkin Donuts was the victim of a credential stuffing attack in its rewards program, which exposed personal information such as phone numbers, email addresses, and account numbers.

The company reported that thousands of credentials were exposed, and it’s believed that these credentials were exposed by hacks of other companies, making this attack a prime example of credential stuffing.

Nintendo Credential Stuffing Attack

In March 2020, thousands of users reported unauthorized logins to their Nintendo accounts, which resulted in compromised accounts, including personal information such as email addresses, names and more. Nintendo reports that those credentials were stolen either via credential stuffing, phishing, or a combination of both.

Zoom Credential Stuffing Attack

The rise of Zoom during the pandemic has created a huge demand for video conferencing services, but it’s also exposed those services’ users to potential cyber attacks. Zoom, one of the largest services on the market, has experienced several cybersecurity problems, including “Zoom Bombing”, where uninvited users enter and “crash” Zoom meetings.

More than 500,000 usernames and passwords for Zoom are confirmed to have been bought and sold on the dark web. However, these are confirmed accounts from credential stuffing attacks, not a data breach on Zoom’s end. While Zoom is working hard to address security issues, it’s still important to change up your passwords and use 2FA for any video conferencing software.

Keeper Protects You, Your Family and Your Business Against Credential Stuffing Attacks