SOCRadar® Cyber Intelligence Inc. | 91% of E-Commerce Login Traffic is Credential Stuffing Attempts


Nov 24, 2022
2 Mins Read

91% of E-Commerce Login Traffic is Credential Stuffing Attempts

Credential stuffing is a type of cyberattack in which user login information or entire password lists are obtained through theft or leaks and used to log into another service. Weak and reused passwords invite credential stuffing attacks, which rely on using the same compromised password for multiple websites. 

Credential stuffing attacks have become a major concern for e-commerce businesses because they significantly impact them. Especially during the holiday season, when there is an increase in the number of orders and security can lapse, allowing credential stuffing and other types of attacks. 

After all, the holiday season means more phishing campaigns, which means more credentials to stuff. 

Recent Cases of Credential Stuffing 

  • In late July 2022, The North Face fell victim to a credential stuffing attack. Personal and purchase information of almost 195,000 accounts was exposed. 
  • A credential stuffing attack hit General Motors’ online platform and exposed customer information in April 2022. Attackers exchanged customers’ reward points for gift cards

Credential stuffing attacks target users, the weakest link in e-commerce and the entry point for a potentially larger scheme. A single compromised account is sufficient to generate a profit, whereas larger schemes can seriously disrupt business operations.

To learn more about the techniques and impact of credential stuffing attacks, check out our E-Commerce Threat Landscape Report.

What is the Future of Credential Stuffing? 

Cybersecurity researchers discovered 193 billion credential stuffing attacks in 2020 globally, according to Help Net Security.

The graph below shows how much of the login traffic in an industry is perceived as a credential stuffing attempt; the e-commerce industry has the highest percentage, with 91% of traffic merely attackers attempting to login to your account.

credential stuffing
(Source: Statista)

Credential stuffing has quickly outpaced other attack strategies against the e-commerce industry due to the industry’s rapid expansion. As the industry develops, new threats related to it will always surface.