Safeguard
Tag

credential-stuffing

Safeguard articles tagged "credential-stuffing" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Security Guides

OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide

Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.

Jul 5, 20266 min read
Vulnerability Analysis

What is Credential Stuffing

Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.

Mar 26, 20266 min read
Vulnerability Analysis

What is a Brute Force Attack

A brute force attack guesses credentials until one works. Learn how attackers execute it, real breach data, warning signs, and effective defenses.

Mar 26, 20267 min read
Vulnerability Analysis

What is Broken Authentication

Broken authentication lets attackers assume another user's identity via credential stuffing, forged tokens, or auth-bypass CVEs like Fortinet's CVE-2022-40684.

Mar 23, 20266 min read
Application Security

What is Rate Limiting

Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.

Mar 9, 20266 min read
Industry Analysis

Broken Authentication in API Endpoints

Broken authentication in API endpoints drove breaches at T-Mobile, Optus, and Peloton. Here's why it keeps happening and how to catch it before attackers do.

Nov 5, 20257 min read
Industry Analysis

Missing Rate Limiting on APIs and Login Endpoints

Missing rate limiting turned single APIs into 37-million-record breaches at T-Mobile and Optus. Here's why it happens, how attackers exploit it, and how to catch it first.

Nov 5, 20257 min read
Incident Analysis

Roku Credential Stuffing Attacks Compromise 576,000 Accounts

In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.

Apr 12, 20247 min read
Credential Attacks

General Motors Credential Stuffing Attack: Loyalty Points Theft at Scale

Attackers used credential stuffing to compromise GM customer accounts, stealing reward points and personal data — a reminder that password reuse remains one of the most exploitable habits in cybersecurity.

May 24, 20225 min read
credential-stuffing — Safeguard Blog