Credential Stuffing: A Threat to Online Platforms and Their Users
Credential stuffing is a type of cyber attack in which attackers try credentials obtained through data leaks and other means on various online platforms. In these attacks, automated scripts try out the credentials at high speed on many of these portals. If the credentials are correct, attackers can usually fully access and abuse a legitimate user’s account.
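On the defending side, the pattern described above (automated scripts trying many credentials at high speed) shows up in login logs as one source attempting many different usernames with mostly failed logins. The following Python code is an added example, not part of the original article; the log format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 alice@example.com FAIL
2024-05-01T10:00:02 203.0.113.7 bob@example.com FAIL
2024-05-01T10:00:04 203.0.113.7 carol@example.com FAIL
2024-05-01T10:00:06 203.0.113.7 dave@example.com OK
2024-05-01T10:00:08 203.0.113.7 erin@example.com FAIL
2024-05-01T10:00:10 203.0.113.7 frank@example.com FAIL
2024-05-01T10:01:00 198.51.100.20 grace@example.com FAIL
2024-05-01T10:01:05 198.51.100.20 grace@example.com FAIL
2024-05-01T10:01:12 198.51.100.20 grace@example.com OK
2024-05-01T10:02:00 192.0.2.50 heidi@example.com OK
2024-05-01T10:02:05 192.0.2.50 ivan@example.com OK
2024-05-01T10:02:10 192.0.2.50 judy@example.com OK
2024-05-01T10:02:15 192.0.2.50 kim@example.com OK
2024-05-01T10:02:20 192.0.2.50 leo@example.com OK
"""

def parse(log):
    """Yield (timestamp, ip, username, success) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(log, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Map each suspicious source IP to the accounts it logged in to successfully:
    >= min_users distinct usernames in one window, >= min_fail_ratio of them failing."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):          # chronological order
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                    # slide the window forward
            win = events[start:end + 1]
            users = {user for _, _, user, _ in win}
            fails = sum(1 for *_, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Successful logins from a flagged IP are likely taken-over accounts.
                flagged[ip] = sorted({u for _, _, u, ok in events if ok})
                break
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The single user who mistypes a password and the shared address with several successful logins are not flagged; only the source that cycles through many usernames is, together with the one account it got into.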
The stolen credentials are often gathered in so-called collections and traded by criminals on the dark and deep web. The content of these collections can come from various sources. In our previous blog article “Dark Web vs. Deep Web - What can you find there?” we explain the differences between the everyday Internet, the Deep Web and the Dark Web.
Origin of login data for credential stuffing attacks
- Leakage of Data from Companies: Almost all online platforms offer their customers the convenience of a customer account, e.g., to make purchases faster and easier in the future. To do this, companies store users’ login data in their databases. Due to unintentional misconfiguration, missing security patches or actual hacking attacks, this login data can be accessed, copied and added to these data collections.
- Phishing Attacks: Various methods can be used to trick users of online platforms into revealing their login data to attackers. Often, fake websites are used that can hardly be distinguished from the original at first glance. We have explained further phishing methods in more detail in our blog posts “Phishing #1: Email Phishing, Baiting and Search Engine Phishing” and “Phishing #2: CEO Fraud, Corporate Phishing and Angler Phishing Attacks”.
- Theft of Login Data: Login data can also be stolen directly from users, for example by malware that reads it on the computer or cell phone and sends it to the attacker. Various methods are used to capture login data. Particularly well known are keyloggers, malicious software that records all user entries, and so-called password stealers, software that specifically reads files and data from password managers, e.g. from the Chrome browser.
The motivation behind credential stuffing attacks is usually monetary. Once attackers have access to an account, they can use it for malicious activities such as sending spam or committing commodity fraud. In some cases, attackers can also view sensitive information such as credit card or bank account details from users’ stored account information.
Our next blog post offers an in-depth look at credential stuffing attacks and their impact on users of online platforms.