[sunjester]

The strategy is pretty straightforward. Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to "stuff" those credentials into the login page of other digital services. Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts. In the last few weeks alone, Nest, Dunkin' Donuts, OkCupid, and the video platform DailyMotion have all seen their users fall victim to credential stuffing.

https://www.wired.com/story/what-is-cred...-stuffing/

[darkninja1980]

wow, I will sure take a look at the link.

[mothered]

Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to "stuff" those credentials into the login page of other digital services

Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts.

What's the big deal about this? I've been doing It for over two decades.
It's common sense, really.

[SickPsycko]

Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to "stuff" those credentials into the login page of other digital services

Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts.

What's the big deal about this? I've been doing It for over two decades.
It's common sense, really.

You're right, it is. But things don't really get brought up because people use the hell out of it because it becomes popular. It's just like an exploit. I have a folder with private and public exploits. I don't share my private exploits because I don't want it to be fixed. People are now going to try and make website logins more secure by using different methods such as 2 factor authentication everywhere or something more friendlier as this method of compromise becomes more used or popular. What i'm really trying to get to is, this method is just now becoming more recognized because of it's trend.

[mothered]

Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to "stuff" those credentials into the login page of other digital services

Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts.

What's the big deal about this? I've been doing It for over two decades.
It's common sense, really.

You're right, it is. But things don't really get brought up because people use the hell out of it because it becomes popular. It's just like an exploit. I have a folder with private and public exploits. I don't share my private exploits because I don't want it to be fixed. People are now going to try and make website logins more secure by using different methods such as 2 factor authentication everywhere or something more friendlier as this method of compromise becomes more used or popular. What i'm really trying to get to is, this method is just now becoming more recognized because of it's trend.

Perhaps because I've been In the scene for such a long time, that this type of Information Is ridiculously logical.

I'm at a loss as to "why" It's making headlines.

[darkninja1980]

Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to "stuff" those credentials into the login page of other digital services

Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts.

What's the big deal about this? I've been doing It for over two decades.
It's common sense, really.

You're right, it is. But things don't really get brought up because people use the hell out of it because it becomes popular. It's just like an exploit. I have a folder with private and public exploits. I don't share my private exploits because I don't want it to be fixed. People are now going to try and make website logins more secure by using different methods such as 2 factor authentication everywhere or something more friendlier as this method of compromise becomes more used or popular. What i'm really trying to get to is, this method is just now becoming more recognized because of it's trend.

that good you do not share your private exploits.