Email this Article Email   

CHIPS Articles: Cybersecurity: What is Credential Stuffing?

Cybersecurity: What is Credential Stuffing?
By CHIPS Magazine - January 3, 2019
The National Security Agency advises internet users not to fall victim to cybersecurity fatigue in the wake of the nearly weekly reports of data breaches to businesses and organizations. One of the dangers of ignoring the reports is falling prey to a credential stuffing attack.

A credential stuffing attack occurs when a hacker acquires a large quantity of usernames and passwords, potentially from a previous attack or a website that publishes exfiltrated data, often found on the Dark Web. Then the hacker runs these stolen credentials through tools that enable the hacker to test them across multiple websites to find potential matches, according to the NSA.

For example, if your username and password is compromised from a breach to Company A – and you use that same username and password to login to your social media account – then that account could also be in jeopardy. This means that not only is your information found in Company A’s networks at risk but the personal information, potentially including credit card numbers, bank accounts, Social Security numbers, and more, found in accounts that you use the same username/password combination, is also vulnerable.

How can you prevent such a compromise? First, it’s important to pay attention to when major data breaches occur. Many reputable businesses and organizations will notify you if your account has been breached. Other times, you may find out through media reporting. No matter, if you have an account with a company that experiences a data breach, immediately change your password.

If you use that same username and password combination for other accounts (a lot of people do this for ease of access to their accounts, although cybersecurity professionals advise against this practice), make sure to change those passwords as well as soon as possible. Be proactive and use this as an opportunity to create unique username and password combinations for all your online accounts. NSA recommends two factor authentication when possible which will provide you with additional protection in the event of a network attack. NSA also recommends using a password manager to help you keep track of your accounts and passwords.

Cybersecurity experts at the National Security Agency, along with the Department of Homeland Security, share best practices that can help you protect yourself online. If you are interested in learning more about how to be more cybersecure, read the NSA article Best Practices for Keeping Your Home Network Secure. As NSA reminds us, it's everyone’s responsibility to protect our online information.

For more information about cybersecurity, visit NSA’s cybersecurity page, and

Lock with hex pattern. Nipitpon Singad / EyeEm (Visual Information Record Identification Number: 180915-D-IM742-1025.JPG)
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer