What is credential stuffing, and how can Zero Trust stop it?
Credential stuffing is an attack that takes advantage of users' habit of reusing passwords. A hacker begins with a stolen ID and password. The hacker then tries that pair across multiple sites, such as Yahoo Mail, Gmail, Hotmail, and Office 365, and if he gets in, it begins. The hacker takes the username and password pair and "stuffs" it into the login forms of other applications.
A single stolen login and password pair is tried across other common sites. When an account holder reuses the same (or similar) passwords on multiple sites, it creates a domino effect in which a single credential pair is used to breach various cloud applications, and the floodgates open.
A business needs to start thinking in terms of a Zero Trust environment, in which you don't trust anything. If you believe a moat is the best form of security, you are severely wrong. Every login attempt needs to be treated with skepticism.
Zero Trust is based on the presumption that you no longer take anything in your system on trust.
Okta found almost 10 billion credential stuffing attempts in the first 90 days of 2022, which amounts to 34% of authentication traffic.
We can help turn on Okta for your firm, so you are not exposed to credential stuffing.