A new Akamai report sheds light on the immense popularity of credential stuffing attacks among cyber criminals. In a credential stuffing attack, a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, based on the knowledge that many people reuse passwords for multiple accounts.

Between May and December of last year, 28 billion attempts at credential stuffing were detected, 10 billion of which affected retail websites. The use of botnets for credential stuffing attacks has surged according to the report, and credential stuffing campaigns are now often completely automated.

Read more: 28 Billion Credential Stuffing Attempts During Second Half of 2018