GLOSSARY / Credential Stuffing
What is Credential Stuffing?
Using username/password pairs leaked from one breach to log into other services.
Because people reuse passwords, attackers automate logins with billions of leaked credentials, taking over accounts at scale. It is distinct from brute force, which guesses passwords.
Bot-driven and hard to spot without behavioral defenses.
How to defend
Enforce MFA, screen passwords against breach corpora, and deploy bot detection / rate limiting.
Related free tools
Related terms
Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.