What Is Credential Stuffing?

Stolen usernames and passwords caused the most data breaches in 2021, which means it’s time to start viewing your login credentials as a first line of defense, rather than just a way to access different services.

Learn more about how attackers use login credentials to enter your networks—and how you can stop them.

What is credential stuffing? Why is it a threat to your business?

Credential stuffing is a form of cyber attack that involves a bad actor taking usernames and passwords from one device and using it to gain access into another. For example, a bad actor might take the credentials from user accounts for an online retailer and use it to get into a bank’s website, hoping that some of the clothing store customers are also members of that bank.

A more sophisticated and successful version of brute force attacks, credential stuffing attacks can pose a more serious risk to your data. Brute force attacks involve entering credentials essentially at random, selecting common, guessable passwords. Credential stuffing is a bit more “strategic,” and the attacks are much more likely to succeed.

While the actual success rate of credential stuffing attacks is pretty low, about 0.1%, the sheer volume of credentials that are exchanged make these attacks a viable method for bad actors to gain access to sensitive information. Credential “collections” often contain millions of credentials and are openly shared among hacking communities. This means bad actors could successfully execute 1,000 attacks out of every million attempts, making credential stuffing a relatively effective attack method depsite the low success rate.

What can you do to prevent credential-stuffing attacks?

OUTSOURCE YOUR CYBERSECURITY

Many businesses don’t have the resources to manage how all login credentials are created and used, let alone whether they pose a security risk. By outsourcing your cybersecurity to a managed security service provider (MSSP), you can proactively prevent credential stuffing while staying 100% focused on your core business processes. An MSSP will be able to execute all the following strategies for safeguarding your data.

IMPLEMENT EMPLOYEE SECURITY AWARENESS TRAINING

Rather than simply asking employees to create strong passwords, you should familiarize them with password best practices during an employee security awareness training program. Through these programs, employees get more detailed information on not just how to create strong passwords, but why it’s so critical to protecting their data and your business’s data.

CREATE STRONG PASSWORDS

Because users need to have complex and unique passwords for each service they use, a password manager can be a helpful tool to implement across your company. Password managers will help your employees create strong passwords and will store all of those passwords in a secure central location. There’s no need to worry about users reusing passwords for the sake of making their login credentials easier to remember.

USE MULTI-FACTOR AUTHENTICATION

Multi-factor authentication is a highly effective way of preventing credential stuffing because users need to verify themselves with something they have with them—which attackers won’t have. While it does make for a less convenient user experience, the added layer of security is worth it.

BLOCK IP ADDRESSES

Basic security systems will send out alerts when a single IP address has multiple failed login attempts, but attackers often have collections of IP addresses, so they can easily get around these measures. To identify potentially compromised IP addresses, consider blocking addresses that attempt to sign into multiple accounts.

TRY TO AVOID USING EMAIL ADDRESSES AS USERNAMES

Reused passwords aren’t the only credentials that could put your business at risk. If an email address is used as the user ID for multiple different services, the attackers job becomes even easier. To mitigate risk, unique usernames should be used for every unique service.

A data breach occured as a result of credential stuffing. What do you do next?

If you think login credentials have been compromised, you’ll need to take immediate steps to ensure the contain the attack and ensure it doesn’t occur again.

#1 Contact your Managed Security Service Provider (MSSP)

You want a dedicated IT team you can contact when you or your employees believe a set of login credentials have been compromised. With AccountabilIT as your MSSP, you get a team that won’t just give you specific next-steps on how to resolve an incident but will actually resolve the incident for you while staying aligned with your business needs.

What’s more, we proactively monitor your networks, so you won’t even have to worry about identifying compromised credentials yourself in the first place.

#2 Have employees immediately change passwords

There’s a good chance at least some of your employees are reusing passwords, which may have caused the breach to occur in the first place. The faster they can change their passwords on each service, the better your chances of warding off future attacks.

#3 Utilize multi-factor authentication

If you aren’t already using MFA, implementing it should be a priority. While not the only answer to safeguarding against stolen credentials, MFA is a key to preventing unauthorized access into your networks.

#4 Learn and improve

After your IT team has investigated the attack, you can use that information to guide improvements, whether it’s getting more advanced protection software or developing a training program on the importance of thoughtfully created login credentials.

Stop credential stuffing before it happens.

The best way to minimize the damage from credential stuffing is to prevent it from occuring in the first place. As leaders in the cybersecurity industry, we’ll partner with you to develop and implement a clear strategy for securing your sensitive data. In the case of an attack, we have the tools and knowledge to help you fully recover, too.