credential stuffing

credential stuffing.jpg

Your login to an account such as Netflix typically comprises your credentials, that is, your username and password, or alternatively an email address and password. These paired bits of information can be stolen by unscrupulous hackers who then, using an application, send them out randomly on the internet until they match up with an account. 

 This gives the hacker access to the account which he or she can then sell to other people so that they can access your online services for free. This is known as credential stuffing.  The stuffing refers to the automated process in which a huge number of acquired credentials are run against a particular site in the hope that some of them may be accepted.  So there is neither brute force nor finesse involved in finding the matches. Just lots and lots of data.