Credential stuffing—where attackers use email addresses and passwords stolen from one site to attempt to access other sites—took off in 2018, with nearly 30 billion documented attempts recorded by Internet infrastructure firm Akamai, according to its new report.
The attacks are enabled by easy-to-use software and widespread botnets that can take lists of usernames and passwords and try to log in to a variety of sites. On average, Akamai saw more than 115 million attempts to use stolen credentials per day, and three times during the year the attacks spiked to more than 250 million attempts per day.
Read more here.
[KM1]See above comment.