Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Scott Matteson / via TechRepublic / Nov. 29, 2019

There's no shortage of threats on the internet, which puts end users at risk and keeps cybersecurity and IT professionals busy. Credential stuffing is a such risk that can pose a great danger to consumers and business employees.

I spoke with Sumit Agarwal, co-founder and COO of Shape Security, a cybersecurity organization about the concept. Agarwal served as deputy assistant secretary of defense under President Obama.

Scott Matteson: You came up with the term "credential stuffing" in 2011 when you were at the Pentagon. What is credential stuffing?

Sumit Agarwal: That's right. While serving as Deputy Assistant Secretary of Defense, I observed very complicated cyberattacks affecting publicly facing military websites. I realized it was only a matter of time before those attacks affected the average person's online accounts. I termed these malicious attacks "credential stuffing."

Credential stuffing is the weaponization of stolen credentials (usernames and passwords) against websites and mobile applications. Lists of credentials stolen from one website are tested against other websites' login pages to gain unauthorized access to accounts, in order to commit fraud.


Continue reading here: Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Share your opinion... Thanks!

...and see what others saying:)
Do you have Smart Home devices installed in your home?
If Yes, are you satisfied with the solutions available on the market?
Do you use Siri, Alexa or Google Assistant?