The Latest Cyber Attack: Credential Stuffing

With the recent Collection #1 data dump, you may have heard the phrase “Credential Stuffing” in the news. This may be a new cybersecurity term that you’re not familiar with. A new data dump, Collection #2-5, contains over 2.2 billion usernames and passwords, which makes credential stuffing attacks even easier for cyber criminals to run. Because credential stuffing can directly impact you and your online accounts, it is important to understand how to protect yourself from this latest cyber attack.

What is Credential Stuffing?

In layman’s terms, credential stuffing is a type of cyber attack that uses automated tools in conjunction with stolen credentials (e.g. usernames and/or email addresses and the corresponding passwords), often from data dumps, to try to gain unauthorized access to user accounts.  Essentially, you are vulnerable to credential stuffing attacks if any of your data has ever been exposed in a data breach (which is almost everyone). Credential stuffing is not a new type of attack, but it has gained notoriety with recent data dumps.

Why Does This Cyber Attack Matter?

Understanding credential stuffing is important to everyone’s online identity because it highlights weaknesses in password use. If you reuse online passwords, you are vulnerable to credential stuffing cyber attacks.

Reports of Nest cameras being “hacked” were actually false; the incidents were the result of password reuse. Bottom line, if you reuse passwords, you are vulnerable to credential stuffing attacks and your online accounts (e.g. banking, social media, e-mail, etc.) are fair game to malicious attackers.

How You Can Protect Yourself Against Credential Stuffing & Other Cyber Attacks

The good news is that protecting yourself from credential stuffing attacks is something that you can easily do by using a password manager. A password manager can help you generate unique, long, strong passwords for each and every website/service you use.

For example, if you have a unique password for your social media website and those credentials get compromised in a data breach, you only have one vulnerable account (your social media account) because you use unique passwords across sites. Also, you only have to change one password in the event of a data breach vs. having to change your password on multiple sites.


Even if your credentials have been compromised in a data breach, taking the time to work on your password habits can help mitigate damage from un-launched credential stuffing attacks and also help limit the damage from any potential future data breaches containing your credentials.

Change Your Cybersecurity Habits Today

A study out of University College London states that it takes up to 10 weeks to form a new habit. We’re still in early 2019, so there is plenty of time left for you to get into the habit of using a password manager and stop reusing passwords. In a mere matter of months, you can significantly improve the security of your online accounts and prevent future credential stuffing attacks.

Make this a new habit today, starting by learning more about how to create strong online passwords.