All Categories
Credential Attacks
Credential stuffing, brute force, password spraying, and stolen login data traded on dark markets.
12 case studies
Credential Attacks
2024critical
Snowflake Credential Theft: Ticketmaster, AT&T, and 160 Others Breached via Stolen Logins
2 min readCredential Attacks
2023high
23andMe: 6.9 Million DNA Profiles Scraped via Credential Stuffing
2 min readCredential Attacks
2023medium
Duolingo 2.6 Million User Data Scraped via Exposed API Endpoint
2 min readCredential Attacks
2022high
GitHub Token Theft via Travis CI: CI/CD Access Exposes Private Repository Secrets
2 min readCredential Attacks
2022medium
Okta Credential Stuffing: 18,000 Customer Accounts Tested with Stolen Passwords
2 min readCredential Attacks
2021high
Twitch Source Code Leak: 125GB of Internal Data from Credential Misuse
2 min readCredential Attacks
2021high
GoDaddy 2021: 1.2 Million WordPress Hosting Customers Exposed via Compromised Password
2 min readCredential Attacks
2019high
Collection #1: 773 Million Unique Credentials Dumped in One Post
2 min readCredential Attacks
2018medium
Reddit SMS MFA Bypass: Attacker Intercepts Texts to Access Employee Accounts
2 min readCredential Attacks
2015medium
Slack 2015: Hashed Passwords Stolen, and the Attacker Left a Message
2 min readCredential Attacks
2012high
Dropbox 2012: 68 Million Passwords Exposed Because an Employee Reused a Password
2 min readCredential Attacks
2009high
RockYou: 32 Million Plaintext Passwords Teach the World About Password Storage
2 min readCredential Attacks
Defend against credential attacks
Practical guides drawn directly from these incidents.