Home Resources Credential Stuffing: How to protect your brand Credential Stuffing: How to protect your brand Recently, there have been a number of major data breaches leading to other brands becoming the subject of emerging cyber-attacks. So, what exactly is credential stuffing and what can businesses and customers do to protect themselves? Credential stuffing is an automated cyber-attack where an individual’s credentials obtained in one data breach are then used to log into their other unrelated services. For example, an individual’s data may have been compromised in a data breach at one organisation, and that user name (potentially their email address) and password are then used on other websites to try and gain access to their accounts or profiles there. How does it happen? Most people have multiple online accounts that require passwords for access, they often find it easier to remember one password to access them all. While this practice may be simpler for the user to remember, it does place them at a higher risk of becoming victims to credential stuffing. This is because if those login details and passwords are involved in a data breach, it becomes available to once bad actors (hackers) – usually on the dark web. One hackers get access to a set of login and password details, they use these credentials to gain access to other personal and business accounts that the user may use the same access logins and password details on. So while it may be tempting for a business to think that it’s the customers that need to take extra care, it is important to remember that no matter how a bad actor obtains the credentials to access your systems, it can expose your business to the risk of compliance breaches, downtime, loss of trust, reputational damage and financial losses. What can a brand do about it? Offer users MFA (multiple factor authentication). It requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. Most use SMS to provide a two-step code verification. Whatever type of verification you offer, think of it as an additional way to protect your customers and your brand accounts against credential stuffing. What can individuals do about it? It’s best to be proactive and the best thing an individual can do is to practice responsible password management. Ensure you set complex passwords that are hard to guess and have additional numerical or special characters. Refrain from using the same one across multiple different platforms. Finally, ensure you change your passwords often. Once a year is suggested as the bare minimum, with monthly more frequent changes providing the increased protection. Want to learn more? ADMA members have access to the credential stuffing toolkit. With comprehensive information available for marketers regarding credential stuffing, it is the best way to educate yourself on the matter and protect your business against attacks. The Credential Stuffing Toolkit is an ADMA member resource. Log in with your ADMA member account to access. Access the toolkit FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy.