Credential Stuffing Attack

What is Credential Stuffing Attack?

Credential Stuffing Attack is a type of cyberattack in which the hacker collects breached account credentials (usernames or email addresses and the corresponding passwords), and uses them to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

Suppose you have an email account abc@xxx.com and the password is Abc?123@ (relatively complex). For easy memory management and account access, the same email and password are used on multiple websites A, B, C, D, etc.

If this email and password are hijacked, the hackers will try to use them to log in to accounts on various other websites. This means that your accounts registered with the same email and password on websites A, B, C, D, etc. will be easily stolen. If you have assets in the accounts, they might be stolen too.

 

How to avoid Credential Stuffing Attack?

1. CoinEx strongly recommends binding 2FA to avoid credential stuffing attacks.

2. Avoid setting passwords that are too simple and easy to guess.

3. Avoid using the same email address and password for account registration.

4. Change your password regularly.