Even though credential stuffing has been a popular method used by hacking groups to attack businesses since at least late 2014, there is still a lot to be uncovered about the techniques malicious actors use to run these attacks.
Credential stuffing attacks consist of automated attempts to log into online services using databases of user credentials. The success of this type of malicious campaign is based on the unfortunately very common habit of users reusing the same password for multiple accounts.
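As an added illustration (not part of the original article or the Recorded Future report), the sketch below shows how a defender could tell the pattern described above apart from single-account brute forcing in login logs: one source trying many different usernames, almost all of them failing. The event format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed login events: (timestamp, source_ip, username, success)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    for i in range(30):
        step = timedelta(seconds=2 * i)
        # Many accounts tried once each; one reused password works (user17).
        events.append((t0 + step, "203.0.113.7", f"user{i}", i == 17))
        # For contrast: one account hammered repeatedly (brute force).
        events.append((t0 + step, "198.51.100.9", "admin", False))
    # An ordinary user mistypes a password, then logs in.
    events.append((t0, "192.0.2.10", "alice", False))
    events.append((t0 + timedelta(seconds=20), "192.0.2.10", "alice", True))
    return events

def classify_sources(events, window=timedelta(minutes=5), min_attempts=20,
                     min_distinct_ratio=0.8, min_failure_ratio=0.9):
    """Label each source IP using a sliding time window over its attempts."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    verdicts = {}
    for ip, rows in by_ip.items():
        verdicts[ip] = "normal"
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            failures = sum(1 for _, _, ok in span if not ok)
            if len(span) < min_attempts or failures / len(span) < min_failure_ratio:
                continue
            distinct = len({user for _, user, _ in span})
            if distinct / len(span) >= min_distinct_ratio:
                verdicts[ip] = "credential_stuffing"  # wide spray, reused passwords
                break
            verdicts[ip] = "brute_force"  # many guesses, few accounts
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged into: candidates for forced reset."""
    return sorted({user for _, ip, user, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    sample = build_sample_events()
    labels = classify_sources(sample)
    print(labels, accounts_to_reset(sample, labels))
```

The rare successes from a flagged source matter most: each one is an account whose reused password is already in an attacker's list.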
Credential collections and stuffing attacks
Recorded Future shed some light on the subject in an extensive report. It shows how cybercriminals have been able to run credential stuffing attacks using sets of millions of credentials stolen from high-profile online platforms and companies such as Adobe, Dailymotion, VK, Bell, Tumblr, Comcast, Fling, Sony, and LinkedIn, as well as huge collections of hundreds of millions of stolen accounts sold on dark web marketplaces [1, 2].
The organizations most targeted by credential stuffing attacks have been in the Financial, E-commerce, Social Media and Entertainment, Information Technology and Telecommunications, Restaurants and Retail, and Transportation industries.