2021 Credential Stuffing Report

Attack Types
Credential Stuffing
Shape Security & F5 Labs
Nov 15, 2021

Despite consensus about best practices, industry behaviors around password storage remain poor. Plaintext storage of passwords is responsible for the greatest number of spilled credentials by far, and the widely discredited hashing algorithm MD5 remains surprisingly prevalent.

Organizations remain weak at detecting and discovering intrusions and data exfiltration. Median time to discovering a credential spill between 2018 and 2020 was 120 days; the average time to discovery was 327 days. Often spills are discovered on the dark web before organizations detect or disclose a breach.

Some content is hidden, to be able to see it login here Login

Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.