Credential Stuffing

What Does Credential Stuffing Mean?

Credential stuffing is a term related to a specific type of hacking that secures user credentials by breaching a system, and then attempts to use those credentials with other systems. Like other kinds of related hacking, credential stuffing attacks rely on hackers being able to get into a network and take out sensitive user information such as passwords and usernames.


Techopedia Explains Credential Stuffing

What happens with credential stuffing is that hackers take that stolen information related to one site or system, and use it in a brute force hacking attempt to try to get into various other systems. Sometimes hackers evaluate whether one password or username can be used for another website, whether it is related to the original website or not.

For instance, hackers may gain access to sets of usernames and passwords for a particular retailer, and try to apply those same usernames and passwords to a financial website. The idea is that through trying large numbers of these attacks, hackers can figure out whether any users have reused the same passwords and user permissions, and in that way, hackers may be able to use stolen login data to access multiple systems. Some types of credential stuffing can also lead to identity theft.


Related Terms

Latest Cyber Threats Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…