What does the term 'credential stuffing' refer to?

Credential stuffing is a cyberattack method where attackers use stolen usernames and passwords to gain unauthorized access to accounts. This technique relies on the fact that many users tend to reuse the same credentials across multiple sites and services. Once the attackers acquire these stolen credentials, they automate the process of attempting to log in to various accounts using this information.

The success of credential stuffing hinges on the prevalence of reused credentials. If a thief obtains a database of usernames and passwords from a data breach, they can systematically test those credentials against different websites, hoping to find accounts where the same login information has been used. This makes the attack particularly effective and dangerous, as it can lead to unauthorized access to various sensitive accounts, including email, bank, and social media accounts.

In the context of the other answer options, brute forcing a password involves systematically guessing passwords until the correct one is found, which is different from the use of already stolen credentials. Phishing for password information involves tricking users into divulging their credentials, rather than using stolen information. Encrypting credentials for security pertains to protecting them rather than the act of gaining unauthorized access. Thus, the focus on using stolen credentials for unauthorized access distinctly characterizes credential stuffing.