Attacks & Threats
Credential Stuffing
Also known as: Credential replay, Account checking
Definition
An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
Examples
- Bots logging into a streaming service with combolists from unrelated forum breaches to resell working accounts.
- A retailer seeing a spike of logins from residential IPs across thousands of accounts after a third-party leak.
Related terms
Brute Force Attack
An attack that systematically tries every possible value — typically passwords, PINs, or keys — until the correct one is found.
Password Spraying
A low-and-slow attack that tries a small set of common passwords against many user accounts, staying under lockout and rate-limit thresholds.
Dictionary Attack
A targeted password-guessing attack that tries entries from a precompiled list of likely words, leaked passwords, and rule-mutated variations.
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
Multi-Factor Authentication (MFA)
An authentication method that requires two or more independent factors — typically from different categories — before granting access.
Broken Authentication
A category of vulnerabilities where flaws in authentication or session management let attackers impersonate legitimate users or take over accounts.