Credential Stuffing Attack

What is Credential Stuffing Attack?
Credential Stuffing Attack is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to the user accounts through large-scale automated login requests directed against a web application.

Suppose you have an email account abc@xxx.com, and the password is Abc?123@ (relatively complex). For the convenience of memory and usage, all websites A, B, C, D, etc. apply this email address to register and the same password. Assuming that a hacker gets this email and password one day, the hacker will try to log in on major websites with this email and password, and your accounts registered with this email and password on websites A, B, C, D, etc. will be stolen.

How to avoid Stuffing Attack?
1. CoinEx strongly recommends that bind 2FA avoid stuffing attacks.
2. When registering an account, avoid using the same email address and password as other accounts, and develop a good habit of changing the password regularly.