Skip to content
The Nexus
DossierENTITY

credential stuffing

Coverage of credential stuffing in the Nexus archive.

Earliest in view: Apr 21 · 11:30 UTCMost recent: May 28 · 02:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 28 · 02:46 UTCNBC BAY AREA
    California sues 23andMe, alleging it failed to protect user data in 2023 breach

    California’s attorney general sued Chrome Holding Co. (formerly 23andMe) for failing to protect user data in a 2023 breach affecting 7 million people. The breach, using credential stuffing from a 2017 MyHeritage data leak, allowed attackers to access 14,000 accounts and steal genetic data, health reports, and relative information, which was later sold on the dark web. The lawsuit seeks penalties and injunctions against the company for violating privacy laws.

  • SECURITYApr 21 · 11:30 UTCTHE HACKER NEWS
    No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

    The cybersecurity industry has focused on sophisticated threats like zero-days and AI-generated exploits, but stolen credentials remain the most reliable entry point for attackers. Identity-based attacks, particularly through credential stuffing, are a dominant initial access vector in breaches.

credential stuffing · Dossier · The Nexus