> F5 Networks Inc > Credential Stuffing: A Security Epidemic

Credential Stuffing: A Security Epidemic

White Paper Published By: F5 Networks Inc
F5 Networks Inc
Published:  Dec 08, 2017
Type:  White Paper
Length:  9 pages

In a credential stuffing attack, cybercriminals turn to the dark web to purchase previously stolen usernames and passwords. They then make repeated attempts with automated tools to “stuff” the login fields of other websites with the credentials to gain access to accounts held by corporate users or customers. When a “stuffing” attempt is successful, the attacker uses the account for fraudulent purposes. There’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts. 

These attacks wouldn’t be successful if people used different usernames and passwords for each site or application they access. Instead of taking the time and energy to craft unique credentials for each of their many accounts, nearly three out of four users reuse and recycle credentials across accounts.

Tags : 
data breach, credential stuffing, system security, security