You have a security problem - your users

Key takeaways
  • You will learn what a credential stuffing attack is
  • You will learn some best practices for communicating security issues to your users

Account Takeover (ATO) is an emerging security problem where an attacker gains unauthorized access to consumer accounts online, and either re-sells them or exploits the account for financial or informational gain. The most common ATO method is one called credential stuffing, where the attacker purchases cheap lists of compromised usernames and passwords on the dark web, and runs the list on login endpoints of popular websites for successful hits. This method is usually done via botnets and across distributed IPs at scale in short time frames, and can be very successful due to the fact that many people reuse their passwords across different services. With new regulations like GDPR, we're seeing a shift in responsibility toward data owners to keep user accounts and data safe. Companies can no longer put the burden of security on the user by enforcing multi factor authentication and elaborate password schemes, and expect to stay compliant and safe from attacks. Learn the anatomy and evolution of credential stuffing attacks, and why simple IP rate limiting rules no longer work to protect users.

Sebastian Wallin

Sharpen your skills. Explore

Pick your topics of interest below
Large Spinner


Partners, Sticker Mule

Best companies

Best companies, Qlik
Best companies, VP Securities
Best companies, Telavox
Best companies, EDP
Best companies, Avensia
Best companies, Citerus
Best companies, Avega Group
Best companies, Handelsebanken
Best companies, Play'n'GO
Best companies, Capgemini
Best companies, Trustly
Best companies, Danskebank
Best companies, Lantmäteriet
Best companies, ÅF