Credential stuffing is a relatively new term that describes the act of criminals purchasing lists of stolen credentials, such as user ID and passwords, on the dark web and using a botnet to validate those lists against an organization’s login page.
The end result of credential stuffing is typically an account takeover in which criminals then use the stolen validated credentials to take over accounts and commit fraud. Not being effectively prepared to handle credential stuffing can have disastrous effects on your company including: