Credential stuffing attacks are a technique of using lists of credentials from past data breaches against a new site, with the goal of finding an account that reuses those compromised credentials across multiple sites. From and organizational standpoint, the best action to take against credential stuffing attacks is to educate end users on this form of attack and advise them of the dangers of using an identical password across multiple sites. In many cases, however, this alone is not enough to sway a user from using an identical password, but there are also additional prevention and detection steps that an organization can take. For example, an organization can implement strong password policies – one that sets character, symbol, and number minimums – as well as ensuring that passwords are set to rotate frequently. Additionally, an organization could also employ detection rules to look out for credential stuffing attacks. Some possible detection opportunities are:
• Monitoring for a large number of failed authentications in a short time frame
• Monitoring for a large number of successful authentications from the same IP
• Monitoring for successful authentications from a suspicious location
• Monitoring for successful authentications at unusual times
https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/
