Don't Get Stuffed! Credential Stuffing, Account Takeovers, and Identification/Mitigation

With account credentials from numerous data breaches readily available and password re-use by end users commonplace, a scheme called credential stuffing is increasingly used by cybercriminals to compromise and take over accounts. This presentation defines what credential stuffing is, then looks at a typical account takeover lifecycle and common variations. Several identifying characteristics and mitigation strategies are then discussed, along with free tools, ideas on how to recover from a credential stuffing attack, and various resources merchants can utilize.

Slides for this presentation and presenters' notes are available by signing in or becoming a member, then returning to this page.


Sign in or register to download these resources