What is credential stuffing?

Credential stuffing happens when attackers take usernames and passwords leaked from one service and try them on other services.

Simple example

A password stolen from an old shopping account is tried against the person’s business email account.

Why it matters

This works because many people reuse passwords across personal and business services.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

Credential stuffing should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use unique passwords for every service.
  • Use a password manager.
  • Enable MFA on important accounts.
  • Monitor for leaked credential alerts where possible.
  • Disable dormant accounts.

Reactive steps

  • Change affected passwords immediately.
  • Check whether the same password was used elsewhere.
  • Review recent account activity.
  • Reset sessions and remove unknown devices.
  • Enable MFA if it was not already active.

Related terms

  • Password reuse
  • Password manager
  • Credential theft