Cybersecurity North America

87 million credential stuffing attacks target US daily

According to Atlas VPN investigation, hackers employ credential stuffing attacks on US citizens more than 87 million times per day.

Combining the number of credential stuffing attacks of nine other countries from the top 10 list accounts for 16.9 billion attacks. The analyzed period is 24 months, from December of 2017 to November of 2019.

Meaning, these countries received only 26.4% of attacks that the US did in the same time frame.

Rachel Welch, COO of Atlas VPN, shares her advice on how to protect yourself against credential stuffing attacks: “Individuals that wish to protect themselves from credential stuffing attacks should set up two-factor authentication whenever possible. When hackers discuss credential stuffing attacks on the dark web, they often complain that 2-factor authentication is the biggest roadblock to a successful cyber-attack.“

Credential stuffing economy

Together with the credentials, scammers that wish to abuse leaked credentials will have to order checker software. Advanced checkers even collect the exact information that is available in the account, such as credit card details and account balances. Checkers cost around $150

Also, to overcome rate-limiting, hackers will have to use proxies. Rate limiting is a cyber-security measure which blocks a large number of login attempts from a single IP address.

Proxies allow hackers to change their IP addresses, which overcomes this restriction. Proxy services cost around $250/week.


  • Editorial Director of the The Fintech Times

Related posts

New Unicorn Splashtop Announces $50m in Funding

Polly Harrison

Using AI to Combat Bias: Marcia Tal on the Advantages of Identifying Bias in Customer Complaints

Polly Harrison

Marsh Launches Financial and Professional Protection for US Fintech Firms

Manisha Patel