Credential Stuffing

Stop criminals from taking over accounts on your website

Credential stuffing means that someone tries to take over accounts on your website by means of leaked login and password lists. Bots automate the take-over process and test millions of logins on tousands of websites in practically no time.

How does it work? Why am I vulnerable? People like to use the same email address and password for many websites. A bot that knows an email/password pair will try that pair on many, many websites in seconds and most likely succeeds in taking over many accounts.

The persons whose accounts are hijacked subsequently spend an enormous amount of time to rectify their bank accounts, credit line and accounts. This often takes up to a year.

How do you know you have this problem?

Look out for these signs:

  • Analyze your logs and scan for an untypically high number of login attempts.
  • Look for successful logins after a number of failed attempts.
  • Check these accounts for suspicious orders, e.g. to a new address, or credit card fraud
  • Customers who claim that all of a sudden they can’t log in anymore are also a sign for an account that has been taken over.