Credential stuffing was used for targeting online services such as video streaming, food delivery businesses, or online gaming in the past. However, with an ever-increasing success ratio of this strategy, several professional hackers have smoothly moved to adopt it. Recently, the FBI issued a security advisory regarding the increasing popularity of credential stuffing attacks against financial institutions.
Hacking groups are now using credential stuffing to target financial service providers, including banks, investment firms, cryptocurrency exchanges, insurance companies, and online banking services, to steal financial assets.
Several attacks targeting the APIs leveraged by financial services often fail to implement strong multi-factor authentication. Over the past few years, such attacks have successfully led to multi-million dollar losses at some bigger organizations.