RSA Report: The Credential Stuffing Gold Rush

File uploaded by Heidi Bleau Employee on Jan 29, 2020

The term ‘credential stuffing’ refers to the large-scale, automated checking of breached account credentials against various websites in order to identify matches. The entire method relies on the common user habit of recycling passwords across multiple websites and is by far the most popular way to obtain compromised credentials for account takeover. This report takes an in-depth look at the process of credential stuffing attacks, monetization options, the prominent tools preferred by cybercriminals, and mitigation measures organizations can take.