🛡️ Free practice test question from: Credential Stuffing (Security+)

Credential stuffing is a type of cyberattack where attackers take advantage of the common practice of users reusing the same username and password combinations across multiple websites.
This method is particularly effective because many users do not use unique passwords for each of their online accounts, making it easier for attackers to compromise multiple services using the same set of credentials,

A) Generating random password combinations: This describes a brute force attack rather than credential stuffing, which uses known credentials rather than random guesses.

B) Cross-referencing user metadata: While this involves data analysis, it doesn't specifically address the method of using known credentials across multiple sites.

D) Advanced social engineering techniques: This refers to manipulating users into revealing credentials, such as through phishing, which is a different attack vector from credential stuffing.

Real life example of credential stuffing > https://blog.dropbox.com/topics/company/dropbox-wasnt-hacked