Cybersecurity North America

87 million credential stuffing attacks target US daily

According to Atlas VPN investigation, hackers employ credential stuffing attacks on US citizens more than 87 million times per day.

Combining the number of credential stuffing attacks of nine other countries from the top 10 list accounts for 16.9 billion attacks. The analyzed period is 24 months, from December of 2017 to November of 2019.

Meaning, these countries received only 26.4% of attacks that the US did in the same time frame.

Rachel Welch, COO of Atlas VPN, shares her advice on how to protect yourself against credential stuffing attacks: “Individuals that wish to protect themselves from credential stuffing attacks should set up two-factor authentication whenever possible. When hackers discuss credential stuffing attacks on the dark web, they often complain that 2-factor authentication is the biggest roadblock to a successful cyber-attack.“

Credential stuffing economy

Together with the credentials, scammers that wish to abuse leaked credentials will have to order checker software. Advanced checkers even collect the exact information that is available in the account, such as credit card details and account balances. Checkers cost around $150

Also, to overcome rate-limiting, hackers will have to use proxies. Rate limiting is a cyber-security measure which blocks a large number of login attempts from a single IP address.

Proxies allow hackers to change their IP addresses, which overcomes this restriction. Proxy services cost around $250/week.


  • Editorial Director of the The Fintech Times

Related posts

Women Are Less Likely to Have Experienced a Financial Scam Than Men

Polly Jean Harrison

Zolve Connect Launches in Partnership With Gigs to Support Expats Moving to the US

Tom Bleach

Insurtech Market Set To Be Disrupted by Digital Innovation in 2021; According to ICON

Tyler Pathe