Anatomy of an API Attack

Credential stuffing and account takeover

In this episode, we cover the attacker technique of credential stuffing used to achieve account takeover (ATO). Credential stuffing is a technique where attackers repurpose data or leaked credentials from prior breaches in an attempt to find working logins. Attackers automate these attacks and target login APIs to obtain working credentials. Once they’ve found working credentials, attackers use this information to authenticate and access functionality or data for which they’re unauthorized.
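A defender-side view of the pattern described above, as an added example that is not part of the original page: it flags sources that try many distinct usernames with mostly failed logins inside a sliding window, then lists accounts that logged in successfully from those sources as takeover candidates. The log format, thresholds, and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login-API log: "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice fail
2024-01-01T10:00:10 203.0.113.7 bob fail
2024-01-01T10:00:20 203.0.113.7 carol fail
2024-01-01T10:00:30 203.0.113.7 dave fail
2024-01-01T10:00:40 203.0.113.7 erin fail
2024-01-01T10:00:50 203.0.113.7 frank ok
2024-01-01T10:01:00 198.51.100.4 alice fail
2024-01-01T10:01:20 198.51.100.4 alice fail
2024-01-01T10:01:40 198.51.100.4 alice ok
2024-01-01T10:02:00 192.0.2.9 gina ok
2024-01-01T10:02:10 192.0.2.9 hank ok
2024-01-01T10:02:20 192.0.2.9 ivan fail
2024-01-01T10:02:30 192.0.2.9 judy ok
2024-01-01T10:02:40 192.0.2.9 kyle ok
""".splitlines()

def parse(line):
    """Parse one line of the constructed log format into a sortable tuple."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "ok"

def find_stuffing(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: [usernames with a successful login]} for flagged sources.

    A source is flagged when one sliding window holds at least min_users
    distinct usernames and at least min_fail_ratio of its attempts failed.
    A user mistyping a password (one username) or a shared office address
    (many usernames, mostly successes) does not match both conditions.
    """
    recent = defaultdict(deque)    # ip -> (timestamp, username, ok) inside the window
    successes = defaultdict(set)   # ip -> usernames that authenticated successfully
    flagged = set()
    for ts, ip, user, ok in sorted(parse(l) for l in lines):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        if ok:
            successes[ip].add(user)
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    return {ip: sorted(successes[ip]) for ip in flagged}

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

Accounts returned for a flagged source are the ones to prioritize for session revocation and password reset, since a success in the middle of a failure burst suggests a reused credential worked.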

About the Anatomy of an API Attack video series
The goal of the series is to provide a deeper understanding of attacker techniques so that you’re better equipped to protect your APIs and build an API security strategy. Organizations increasingly rely on APIs to power their business and provide access to valuable data. Attackers know this and, with tools, motivation, and time on their side, are constantly looking for API flaws to exploit.
