In the first quarter of 2022, credential stuffing attacks grew to be the leading cause of authentication traffic for Okta users, with 10 billion events detected on the platform. This accounts for roughly 34% of the overall traffic on the platform. Geographically, regions such as Southeast Asia and the United States had some of the highest disparity between these malicious logins and legitimate traffic. By industry, the most targeted sectors were retail/commerce, education, and energy.
Credential stuffing is a form of attack in which threat actors exploit the bad practice known as “password recycling”, where users reuse their credentials across multiple sites. Threat actors take the credentials of a previously breached account and try them on other sites. These attacks typically come in large bursts of traffic, with an actor attempting credentials for multiple breached accounts at once, which can also cause significant load spikes on some impacted platforms.
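The burst pattern described above (one source trying many different accounts in a short span, nearly all failing) can be flagged from authentication logs. The following is an added example, not code from Okta or the original article; the log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2022-03-01T10:00:00 192.0.2.50 hana OK
2022-03-01T10:00:01 203.0.113.7 alice FAIL
2022-03-01T10:00:02 203.0.113.7 bob FAIL
2022-03-01T10:00:02 198.51.100.20 gina FAIL
2022-03-01T10:00:03 203.0.113.7 carol FAIL
2022-03-01T10:00:04 192.0.2.50 ivan OK
2022-03-01T10:00:04 203.0.113.7 dave FAIL
2022-03-01T10:00:05 203.0.113.7 erin FAIL
2022-03-01T10:00:06 203.0.113.7 frank OK
2022-03-01T10:00:09 198.51.100.20 gina FAIL
2022-03-01T10:00:15 198.51.100.20 gina OK
2022-03-01T10:00:20 192.0.2.50 june OK
2022-03-01T10:00:30 192.0.2.50 kyle FAIL
2022-03-01T10:00:40 192.0.2.50 lena OK
"""

def detect_stuffing(lines, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: time of first alert}. Input must be in time order.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    recent = defaultdict(deque)  # per-IP attempts inside the sliding window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        stamp, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(stamp)
        attempts = recent[ip]
        attempts.append((ts, user, outcome == "OK"))
        while ts - attempts[0][0] > window:  # drop attempts older than the window
            attempts.popleft()
        users = {u for _, u, _ in attempts}
        failures = sum(1 for _, _, ok in attempts if not ok)
        # Many distinct accounts from one source, nearly all failing: stuffing burst.
        # One user retrying, or a shared NAT with mostly good logins, does not match.
        if ip not in alerts and len(users) >= min_users \
                and failures / len(attempts) >= min_fail_ratio:
            alerts[ip] = ts
    return alerts

if __name__ == "__main__":
    for ip, ts in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"possible credential stuffing from {ip}, first flagged at {ts}")
```

In the sample, only 203.0.113.7 is flagged; the successful login for `frank` that follows the burst is the kind of event worth prioritizing for a forced password reset.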