ESET Online Help

Search English
Select the topic

Credential stuffing

Credential stuffing is a cyber attack that uses data from leaked credentials databases. Attackers use bots and other automatization methods to log into accounts using the leaked data on numerous websites. Attackers use users who recycle their login credentials through multiple websites and services. When the attack is successful, attackers can gain full access to the account and users' data stored in this account. Attackers can exploit this access to steal personal data for identity theft, fraudulent transactions, spam distribution, or other malicious actions.