A type of attack in which hackers take credential combinations, typically username and password pairs, that have been exposed in earlier data breaches and try them against login sites. Credential stuffing’s success depends upon the widespread tendency of people to use the same credentials across multiple sites. Credential stuffing may be accomplished in an automated or semi-automated fashion. Compare dictionary attack and contrast brute force attack.