ESET Online Help

Search English
Select the topic

Credential stuffing

Credential stuffing is a cyber attack that uses data from leaked credentials databases. Attackers use bots and other automatization methods to log into accounts on numerous websites using the leaked data. Attackers take advantage of users that recycle their login credentials through multiple websites and services. When the attack is successful, attackers can gain full access to the account and users' data stored in this account. Attackers can exploit this access to steal personal data for identify theft, fraudulent transactions, distributing spam, or other malicious actions.