What are you searching for?


Mitigating the impact of credential stuffing attacks

March 01, 2022
3 min

The Rise of Credential Stuffing Attacks and Online Privacy Concerns

The growth of e-commerce in recent years has led to a sharp increase in credential stuffing attacks and online privacy concerns. According to many sources, upwards of 30 billion records were compromised in 2020 alone. That's higher than the past 15 years combined. Cybercriminals use these stolen records in automated credential stuffing attacks to take over user accounts using both leaked and/or stolen credentials. Studies estimate that the average user has around 100 passwords to remember, so many of us are reusing the same passwords across multiple sites, which often contributes to the success of these attacks. Once attackers gain access to a user's account, they call sell it on the dark web, steal customer data or money (generally from loyalty accounts) causing substantial financial harm and ruining the brand reputation.

Cybercriminals know that performing millions of login requests from a single IP address will look suspicious, so they often use a proxy service to distribute the attack over a range of rotating IP addresses to make the traffic look natural.

It's a never-ending race. The business implements new robust defenses, and the attackers just get more sophisticated with their attacks. It's almost impossible to stop all attacks. However, credential stuffing attacks are preventable if the right measures are implemented. You have to increase the cost of the attack for the hacker so that you're no longer an easy or appealing target.

At ReachFive, we have worked on an Identity Fraud Protection module that diminishes the impact of credential stuffing attacks. This module monitors users' activity on our platform and automatically detects abnormal activity from a malicious IP address and blocks it from the service. We are able to differentiate a bot from a legitimate user thanks to our algorithm that we improve continuously.

Blocked IP addresses can't perform a request on our platform after being blocked meaning hackers have to keep rotating addresses to continue their attack, which is extremely expensive and time-consuming for them.

Most attacks stop after a few minutes thanks to our Identity Fraud Protection module.

The IFP Module: Safeguarding Your Account

The IFP module automatically suspends compromised accounts to avoid letting the attackers access their personal information or perform a transaction with the user's details. Users are informed about suspicious activity on their accounts and they're able to regain access to their account only after securing it. Thanks to this module, we blocked more than 40k malicious IP addresses and reduced the number of compromised accounts by 100x during a credential stuffing attack.

We provide other services to help you mitigate the impact of credential stuffing attacks as well, such as passwordless flows, multi-factor authentication, and our captcha integration.

If you are interested in securing your users data and protecting your brand image, you can contact one of our specialists. Organise a call here:



   Matthew Thresh
   Customer Identity Specialist
   Choose your 15 minutes Catch Up


Interested to learn more about ReachFive?

Whatever you need - business cases, best practices, product presentation... our team of experts is happy to help you.