What is Credential Stuffing?

We hear about a new breach every day. The latest one to make the news was the Collection #1 breach. It is exactly what the name says: a collection made up of many different individual data breaches from literally thousands of different sources. You may be wondering how this affects you. Your credentials could appear in it, so you should check at https://haveibeenpwned.com/. If they do, I recommend changing your password right now. Attackers are using breaches to take over accounts.

This kind of attack is called Credential Stuffing. The attacker gets usernames and passwords from multiple breaches and combines them into a single list, which is then used to take over accounts on other services. Many people misunderstand this attack and think that services like Spotify were breached. But that is not the case (just yet, at least). There are different free tools out there that are used to test accounts on different websites. Spotify Brute is a perfect example. Why is this still possible? We don't know. However, online security is a shared responsibility. You should do your part.

Video: Spotify Checker in action, an account checker that targets Spotify (https://www.youtube.com/watch?v=zGslL-IM9Bg)

If you find your account in one of these lists, it doesn't mean that the service itself was breached. Instead, you should look into your password practices. You should use unique passwords and change them ASAP if they appear in a breach. If you use a weak and common password, just remember that someone could access your account easily. Credential stuffing shows that "it won't happen to me, I'm not that important" doesn't work anymore.
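
As an added example (not code from the original post), the sketch below audits a password list for the two conditions this article warns about: one password shared across several services, and a password that already appears in breach data. The breach lookup uses the hash-prefix range format of the Pwned Passwords service on haveibeenpwned.com; `VAULT`, `offline_range` and the counts are constructed stand-ins so it runs without network access.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault (service, password); none of these are real credentials.
VAULT = [
    ("music.example", "password"),
    ("mail.example", "password"),
    ("forum.example", "Blue-Heron-91-Canal"),
    ("shop.example", "Blue-Heron-91-Canal"),
    ("bank.example", "t7#Kqz!vR2-only-here"),
]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password, fetch_range):
    """k-anonymity lookup: only the first 5 hex chars of the hash are sent."""
    digest = sha1_hex(password)
    body = fetch_range(digest[:5])  # response lines look like SUFFIX:COUNT
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if suffix.upper() == digest[5:]:
            return int(count)
    return 0

def reuse_groups(vault):
    """Services sharing one password: one leak exposes every service in the group."""
    groups = defaultdict(list)
    for service, password in vault:
        groups[sha1_hex(password)].append(service)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit(vault, fetch_range):
    """Map each service to 'breached', 'reused' or 'ok' (breached wins)."""
    reused = {s for group in reuse_groups(vault) for s in group}
    report = {}
    for service, password in vault:
        hit = breach_count(password, fetch_range) > 0
        report[service] = "breached" if hit else "reused" if service in reused else "ok"
    return report

def offline_range(prefix):
    """Constructed stand-in for the range service: knows one leaked password."""
    leaked = sha1_hex("password")
    lines = ["0" * 35 + ":3"]  # constructed filler entry that never matches
    if leaked.startswith(prefix):
        lines.append(leaked[5:] + ":42")  # 42 is a made-up count
    return "\r\n".join(lines)
```

To check against real breach data, pass a function that fetches `https://api.pwnedpasswords.com/range/<prefix>` in place of `offline_range`; only the five-character prefix leaves your machine.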