A new report released by Shape Security yesterday details how the Sentry MBA tool makes credential stuffing attacks more widely available to cybercriminals.
The traditional “brute force” method of breaking into a user account requires the attacker to try numerous combinations of login ID and password. It’s a difficult, time-consuming process. Plus, defending organizations have learned to stop these kinds of attacks by blocking multiple attempts to log into the same account, or multiple login attempts from the same IP address.
A credential stuffing attack increases the attackers success rate and reduces the time it takes to break into accounts by using stolen lists of working login IDs and passwords from other sites, since many people use the same email addresses and passwords as their credentials in multiple locations.