’Tis the season of stuffing stockings. ’Tis also the season of “credential stuffing.” What is credential stuffing, you ask?
According to Wikipedia, “credential stuffing is a type of cyber-attack where stolen account credentials are used to access user accounts through large-scale automated login requests directed against a web application.”
According to Shape Security, credential stuffing is “The #1 Cause of Account Takeover.”
Credential stuffing is conducted by cyber criminals who have obtained individuals’ usernames and passwords and can then access online platforms using those stolen usernames and passwords. Usernames and passwords are commonly referred to as “credentials.” Your credentials are the username and password that you use to get onto an online platform to shop, conduct online banking, access frequent flyer miles, bitcoin accounts, etc. If the username and password are validated, anyone who has them can access those accounts.
Cyber criminals have developed sophisticated ways to use technology, through automation, to test usernames and passwords, and when successful, to take over individuals’ accounts. Once they can take over the account, they have access to and can steal whatever is in it. It is estimated that over the past three years, $2.3 billion has been lost to account takeover.
Credential stuffing is so successful for these cyber criminals because people use the same passwords over and over, since it is difficult to remember a different password for each online activity. An effective way to avoid becoming a victim of credential stuffing is to not use the same password across online platforms, to change passwords frequently, and to use multi-factor authentication for online activity.
So enjoy stuffing those stockings this holiday season, but don’t become the victim of credential stuffing.