Credential Stuffing

ABSTRACT

We have been conducting between April - July 2020 a scraping of all new content in Pastebin.com that allowed us to assess different cyber-criminal activities (e.g: doxing, PII leakage, credit card fraud). We became interested in the great number of credential information leaks regularly uploaded to the site. Several questions were raised regarding the source of those leaks and the motivations behind publicly posting that kind of information. The project tries to shed light on those questions by providing a preliminary approach to research credential stuffing.

Credential Stuffing Research - Summary.pdf