Credential Stuffing


In 2019, Fort Lauderdale-based Citrix Systems found itself neck deep in investigating a major network breach that had occurred the previous year and resulted in hackers stealing business documents. The FBI believed the breach stemmed from “password spraying,” otherwise known as credential stuffing: an attempt by hackers to remotely access a large number of accounts at once. According to a Form 10-K filing with the U.S. Securities and Exchange Commission, Citrix believed the hackers tried to infiltrate company systems to access content collaboration customer accounts.


What you need to know: With credential stuffing, cybercriminals will use stolen account credentials — often usernames and passwords procured from a data breach — to access additional accounts by automating thousands or millions of login requests directed against a web application. They want to access sensitive accounts the easy way — by simply logging in. It works because they rely on people reusing the same usernames and passwords across multiple services. If they’re successful, one credential can unlock accounts that house financial and proprietary information, giving them the keys to almost everything.
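The login pattern described above, seen from the defender's side, as an added example that is not part of the original post: it scans a constructed authentication log for a source that tries many distinct usernames in a short window with mostly failures, and lists the accounts that logged in successfully from that source. The log line format, the thresholds and the function names are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:04 203.0.113.7 carol FAIL
2024-01-01T10:00:06 203.0.113.7 dave OK
2024-01-01T10:00:08 203.0.113.7 erin FAIL
2024-01-01T10:00:10 203.0.113.7 frank FAIL
2024-01-01T10:01:00 198.51.100.20 grace FAIL
2024-01-01T10:01:20 198.51.100.20 grace OK
2024-01-01T09:00:00 192.0.2.50 heidi OK
2024-01-01T09:00:30 192.0.2.50 ivan OK
2024-01-01T09:01:00 192.0.2.50 judy OK
2024-01-01T09:01:30 192.0.2.50 mallory OK
2024-01-01T09:02:00 192.0.2.50 niaj OK
"""

def parse(log):
    # Turn each line into (time, ip, user, succeeded) and order by time.
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, max_ok_ratio=0.25):
    """Flag IPs that try >= min_users distinct usernames inside one sliding
    window while at most max_ok_ratio of those attempts succeed.
    Returns {ip: usernames that logged in successfully from that IP}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop attempts older than the window
            win = evs[start:end + 1]
            users = {user for _, _, user, _ in win}
            ok = sum(1 for ev in win if ev[3])
            if len(users) >= min_users and ok / len(win) <= max_ok_ratio:
                # Successful logins from a flagged source are likely reused passwords.
                flagged[ip] = sorted({u for _, _, u, s in evs if s})
                break
    return flagged
```

The shared office address with five successful users is not flagged because its success ratio is high, and the single user who mistyped a password once is below the distinct-username threshold. Per-source counting misses attempts spread across many IP addresses, so it is normally paired with a check on the overall login failure rate.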
