TripAdvisor is taking a proactive approach to prevent its users from falling victim to credential stuffing attacks by invalidating member passwords if the password and corresponding email address were found in publicly leaked data breach databases.
Credential stuffing attacks, in which a threat actor uses leaked or stolen login credentials for user accounts of one service, to try to gain access to accounts for another service, are a growing problem as more and more credentials get leaked and people continue to reuse passwords for multiple accounts.
Read more: TripAdvisor Invalidates Member Passwords Found in Data Breaches