Author: Kunal Sehgal (Former Managing Director for Global Resilience Federation)
Credential stuffing is the use of stolen credentials and information to gain unauthorized access to people’s accounts. Unlike the brute force method, a credential stuffing attack simply automates login attempts with millions of previously discovered credential pairs using standard web automation tools. This manuscript discusses how the attack works, from how the information is procured to how financial gains are made from it, and its impact on the cyber industry. It highlights the role of automation in web-based applications, along with the different automated tools hackers use for credential stuffing. It also discusses the scope of this attack and the methods organizations should incorporate into their security features to mitigate its effects.