Credential Stuffing

Credential stuffing is an automated attack where stolen username/password combinations from one data breach are tried against other websites and services. Because many people reuse passwords across multiple accounts, attackers can often gain access to new accounts using credentials stolen from completely unrelated breaches.

Credential stuffing attacks use automated tools to test thousands or millions of stolen username/password pairs against a target login page, typically spread across many proxy IP addresses so that no single source trips a simple rate limit. They exploit the human habit of password reuse: if an employee uses the same password for their personal email and their work VPN, a breach of the email provider hands the attacker a working VPN login. Unlike a brute-force attack, which hammers one account with many password guesses, stuffing tries one known password per account across many accounts, so most attempts fail and the few that succeed are the reused passwords.
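The pattern just described (many different usernames from one source, a high failure rate, and a handful of successes that mark reused passwords) is what a detection rule should look for. The following is an added example, not code from this page or from any CMMC tooling: it parses a constructed login log in a hypothetical "timestamp src=IP user=NAME result=OK|FAIL" format, flags sources that match the stuffing signature, and lists the accounts that logged in successfully from a flagged source, since those are the likely password-reuse victims. The thresholds, the log format and the sample events are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (not real data). Addresses are RFC 5737 documentation ranges.
def _line(i, src, user, result):
    return f"2024-03-01T10:{i // 60:02d}:{i % 60:02d}Z src={src} user={user} result={result}"

_lines = []
# Stuffing source: 30 different usernames from one IP; 28 passwords are wrong,
# 2 (bob, carol) are reused from another breach and succeed.
for i in range(30):
    user, result = f"user{i:02d}", "FAIL"
    if i == 7:
        user, result = "bob", "OK"
    if i == 19:
        user, result = "carol", "OK"
    _lines.append(_line(i, "203.0.113.7", user, result))
# Office NAT gateway: many distinct users, almost all succeed (normal traffic).
for i in range(15):
    _lines.append(_line(30 + i, "198.51.100.2", f"staff{i:02d}", "FAIL" if i in (3, 11) else "OK"))
# Single-account brute force: one username hammered from one IP; not stuffing.
for i in range(25):
    _lines.append(_line(45 + i, "192.0.2.9", "admin", "FAIL"))
SAMPLE_LOG = "\n".join(_lines)

# Hypothetical log format; adapt the regex to the real application's fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def find_stuffing_sources(text, min_attempts=20, min_distinct_users=10, min_fail_rate=0.8):
    """Return {src_ip: summary} for sources whose traffic looks like credential stuffing.

    Signature: many *different* usernames from one source with a high failure rate.
    A single account failing repeatedly (brute force) or a NAT with many users
    mostly succeeding does not match. Thresholds are assumed values for the sample.
    """
    stats = defaultdict(lambda: {"attempts": 0, "fails": 0, "users": set(), "succeeded": set()})
    for ev in parse_log(text):
        s = stats[ev["src"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "FAIL":
            s["fails"] += 1
        else:
            s["succeeded"].add(ev["user"])

    flagged = {}
    for src, s in stats.items():
        fail_rate = s["fails"] / s["attempts"]
        if (s["attempts"] >= min_attempts
                and len(s["users"]) >= min_distinct_users
                and fail_rate >= min_fail_rate):
            flagged[src] = {
                "attempts": s["attempts"],
                "distinct_users": len(s["users"]),
                "fail_rate": round(fail_rate, 2),
                # Successful logins from a flagged source are the reused passwords:
                # force a reset on these accounts and confirm MFA was enforced.
                "compromised_accounts": sorted(s["succeeded"]),
            }
    return flagged


if __name__ == "__main__":
    for src, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(src, info)
```

In production the same aggregation would run over a sliding time window rather than the whole file, and because attackers rotate proxies, the per-source counts should be complemented by a global check on the ratio of distinct usernames to successes across all sources.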

Why It Matters

The multifactor authentication requirement in CMMC (NIST SP 800-171 control 3.5.3, carried into CMMC Level 2) directly mitigates credential stuffing: even with a valid stolen password, an attacker cannot complete the login without the second factor. The protection only holds if every login path enforces it, so legacy or basic-authentication endpoints that bypass MFA must be disabled or covered too. Password policies that reject known-breached passwords, as NIST SP 800-63B recommends, also help, because they remove exactly the reused credentials the attacker is testing. Finally, a stuffing campaign is visible in authentication logs as a spike of failed logins against many different usernames from a small set of sources, which is a pattern worth alerting on.