credential-stuffing
Safeguard articles tagged "credential-stuffing" — guides, analysis, and best practices for software supply chain and application security.
9 articles
OWASP A07: Identification and Authentication Failures — A Deep-Dive Guide
Identification and Authentication Failures rank #7 in the OWASP Top 10 (2021). A deep dive into credential stuffing, session handling, real CVEs, and 2026 fixes.
What is Credential Stuffing
Credential stuffing uses billions of breached passwords to hijack accounts at scale. Learn how it works, real breaches it caused, and how to stop it.
What is a Brute Force Attack
A brute force attack guesses credentials until one works. Learn how attackers execute it, real breach data, warning signs, and effective defenses.
What is Broken Authentication
Broken authentication lets attackers assume another user's identity via credential stuffing, forged tokens, or auth-bypass CVEs like Fortinet's CVE-2022-40684.
What is Rate Limiting
Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.
Broken Authentication in API Endpoints
Broken authentication in API endpoints drove breaches at T-Mobile, Optus, and Peloton. Here's why it keeps happening and how to catch it before attackers do.
Missing Rate Limiting on APIs and Login Endpoints
Missing rate limiting turned single APIs into 37-million-record breaches at T-Mobile and Optus. Here's why it happens, how attackers exploit it, and how to catch it first.
Roku Credential Stuffing Attacks Compromise 576,000 Accounts
In April 2024, Roku disclosed that two separate credential stuffing campaigns had compromised approximately 576,000 customer accounts, with attackers making fraudulent purchases and changing account details on some affected accounts.
General Motors Credential Stuffing Attack: Loyalty Points Theft at Scale
Attackers used credential stuffing to compromise GM customer accounts, stealing reward points and personal data — a reminder that password reuse remains one of the most exploitable habits in cybersecurity.