credential stuffing (3)

8140694258?profile=RESIZE_400xAkamai recently published a report detailing criminal activity targeting the retail, travel, and hospitality market segments with attacks of all types and sizes between July 2018 and June 2020.  The report also includes numerous examples of criminal ads from the Dark web illustrating how they cash in on the results from successful attacks and the corresponding data theft.

So, what is credential stuffing?  Please visit and read our full report at:

The US Federal Bureau of Investigation (FBI) is warning organizations in the financial sector about an increase in botnet-launched credential stuffing attacks.  Many of these attacks, which target APIs, are being fed by billions of stolen credentials leaked over the last several years. 


Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorized acces

Summary Wapack Labs has identified a new credential stuffing tool named BlackBullet for sale through third-party hacking sites. BlackBullet started selling on hacking sites in early 2018 and will be available in open source in March 2019. This report provides background information on the BlackBullet tool, outlines capabilities, and identifies companies targeted for credential stuffing.