How hackers use leaked login ID and passwords to launch credential stuffing attacks | Explained
The Hindu
23andMe, a U.S. biotechnology firm, confirmed stolen customer data was being sold on the dark web. Data included full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. Attackers used credential stuffing, a form of brute force attack, to gain access. Poor password hygiene is a main factor behind successful credential stuffing attacks.
In October 2023, 23andMe, a U.S. biotechnology and genomic firm offering genetic testing services to customers, confirmed that the stolen customer data being sold by threat actors on the dark web was legitimate. The data included full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. The company further shared that the data being sold was stolen using a credential-stuffing attack.
Credential stuffing is a form of brute force attack that involves trial and error on the hackers’ part to crack passwords, login credentials, and encryption keys.
Brute force attacks are grouped into four categories, namely simple brute force attacks, dictionary attacks, hybrid brute force attacks, reverse brute force attacks and credential stuffing.
Amongst these, credential stuffing preys on users’ weak password hygiene. Attackers collect stolen username and password combinations from data leaks. These are tested on other websites to check if they can be used to gain access to additional accounts. This attack method succeeds when users use the same password combination or reuse passwords across various accounts and social media platforms.
Hackers may also use automated bots to repeatedly try to access a website with credentials purchased on the dark web, making use of known (breached) username/password pairs from some websites against other websites.
When attackers discover a set of credentials that work, they may also illegitimately try to access a company’s network using them or sell the validated credentials to other criminals who can use them to launch further attacks.
One of the main factors behind the successful launch of credential stuffing attacks is poor password hygiene. In credential stuffing, attackers target popular websites with high brand recognition where user credentials leaked from earlier data breaches are readily available on the dark web.
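From the defender's side, the automated attempts described above leave a recognisable pattern in login logs. The following Python sketch is an added example, not part of the original article: it separates credential stuffing from password guessing against a single account and lists the accounts a stuffing source actually logged into. The event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success)
SAMPLE_EVENTS = (
    # one source, 40 different accounts, one try each, a single hit
    [("203.0.113.7", f"user{i}@example.com", i == 17) for i in range(40)]
    # one source, 30 failed tries against the same account
    + [("198.51.100.9", "alice@example.com", False)] * 30
    # an ordinary user: one typo, then a successful login
    + [("192.0.2.4", "bob@example.com", False), ("192.0.2.4", "bob@example.com", True)]
)

# Thresholds are assumptions for illustration; tune them against real traffic.
MIN_ATTEMPTS = 20        # ignore low-volume sources
MIN_FAILURE_RATE = 0.8   # automated attempts mostly fail
STUFFING_RATIO = 0.7     # distinct usernames divided by attempts

def classify_sources(events):
    """Return {source_ip: label} for sources whose failures look automated."""
    attempts = defaultdict(int)
    failures = defaultdict(int)
    users = defaultdict(set)
    for ip, username, success in events:
        attempts[ip] += 1
        failures[ip] += 0 if success else 1
        users[ip].add(username.lower())
    labels = {}
    for ip, total in attempts.items():
        if total < MIN_ATTEMPTS or failures[ip] / total < MIN_FAILURE_RATE:
            continue
        # Stuffing tries each leaked pair once, so usernames rarely repeat;
        # password guessing hammers a small set of accounts.
        spread = len(users[ip]) / total
        labels[ip] = "credential_stuffing" if spread >= STUFFING_RATIO else "password_guessing"
    return labels

def compromised_accounts(events, labels):
    """Accounts that a flagged stuffing source logged into successfully."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    found = classify_sources(SAMPLE_EVENTS)
    print(found)
    print(compromised_accounts(SAMPLE_EVENTS, found))
```

Accounts returned by `compromised_accounts` are the ones whose reused passwords worked, so they are the candidates for forced password resets and session revocation.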













