What is Credential Stuffing?
An automated attack that uses stolen username/password pairs from one breach to try logging into other services, exploiting password reuse.
Credential stuffing is one of the most common attacks on the internet. It works because people reuse passwords.
How It Works
- Attacker obtains leaked credentials from a data breach
- Automated tools try each username/password on dozens of other sites
- Because people reuse passwords, a significant percentage will work
- The attacker gains access to accounts the user didn't even know were connected
Scale
- Billions of credentials are available from past breaches
- Automated tools can test thousands of logins per minute
- Success rates of 0.1-2% are common — at scale, that's millions of compromised accounts
Protection
- Never reuse passwords — use a password manager
- Enable 2FA on every account that supports it
- Use passkeys where available
- Check HaveIBeenPwned to see if your credentials were in a breach
- Monitor for unusual login activity on important accounts
Related Terms
Brute Force Attack
A trial-and-error method of cracking passwords or encryption by systematically trying every possible combination until the correct one is found. While simple in concept, brute force becomes impractical against sufficiently long, random secrets.
Password Manager
Software that securely stores and manages passwords and other credentials. Password managers generate strong, unique passwords for each account and encrypt them with a single master password, eliminating password reuse and the need to remember multiple complex passwords.
Two-Factor Authentication
A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.
Have more questions?
Use our guided flow to get the right next privacy step for Credential Stuffing.
Open Guided Flow