Don't miss an insight. Subscribe to Techopedia for free.


Credential Stuffing

What Does Credential Stuffing Mean?

Credential stuffing is a term related to a specific type of hacking that secures user credentials by breaching a system, and then attempts to use those credentials with other systems. Like other kinds of related hacking, credential stuffing attacks rely on hackers being able to get into a network and take out sensitive user information such as passwords and usernames.


Techopedia Explains Credential Stuffing

What happens with credential stuffing is that hackers take that stolen information related to one site or system, and use it in a brute force hacking attempt to try to get into various other systems. Sometimes hackers evaluate whether one password or username can be used for another website, whether it is related to the original website or not.

For instance, hackers may gain access to sets of usernames and passwords for a particular retailer, and try to apply those same usernames and passwords to a financial website. The idea is that through trying large numbers of these attacks, hackers can figure out whether any users have reused the same passwords and user permissions, and in that way, hackers may be able to use stolen login data to access multiple systems. Some types of credential stuffing can also lead to identity theft.


Related Terms