{"id":17780,"date":"2026-02-17T08:00:00","date_gmt":"2026-02-17T12:00:00","guid":{"rendered":"https:\/\/agencepdn.com\/?p=17780"},"modified":"2026-02-17T06:18:11","modified_gmt":"2026-02-17T10:18:11","slug":"credential-stuffing-2","status":"publish","type":"post","link":"https:\/\/agencepdn.com\/en\/credential-stuffing-2\/","title":{"rendered":"Credential stuffing (2)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"17780\" class=\"elementor elementor-17780 elementor-17719\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-cc0c004 elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"cc0c004\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c76687\" data-id=\"8c76687\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-37ea9ae elementor-widget elementor-widget-spacer\" data-id=\"37ea9ae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-d457be1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d457be1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ac0f1b2\" data-id=\"ac0f1b2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4f3dc66 elementor-widget elementor-widget-image\" data-id=\"4f3dc66\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1200\" height=\"500\" src=\"https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/296.jpg\" class=\"attachment-full size-full wp-image-17782\" alt=\"\" srcset=\"https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/296.jpg 1200w, https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/296-300x125.jpg 300w, https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/296-1024x427.jpg 1024w, https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/296-768x320.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fb50b89 elementor-widget elementor-widget-spacer\" data-id=\"fb50b89\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e27bbd5 elementor-widget elementor-widget-post-info\" data-id=\"e27bbd5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-95d9d67 elementor-inline-item\" itemprop=\"author\">\n\t\t\t\t\t\t<a href=\"https:\/\/agencepdn.com\/en\/author\/agencepdn\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-far-user-circle\" viewBox=\"0 0 496 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M248 104c-53 0-96 43-96 96s43 96 96 96 96-43 96-96-43-96-96-96zm0 144c-26.5 0-48-21.5-48-48s21.5-48 48-48 48 21.5 48 48-21.5 48-48 48zm0-240C111 8 0 119 0 256s111 248 248 248 248-111 248-248S385 8 248 8zm0 448c-49.7 0-95.1-18.3-130.1-48.4 14.9-23 40.4-38.6 69.6-39.5 20.8 6.4 40.6 9.6 60.5 9.6s39.7-3.1 60.5-9.6c29.2 1 54.7 16.5 69.6 39.5-35 30.1-80.4 48.4-130.1 48.4zm162.7-84.1c-24.4-31.4-62.1-51.9-105.1-51.9-10.2 0-26 9.6-57.6 9.6-31.5 0-47.4-9.6-57.6-9.6-42.9 0-80.6 20.5-105.1 51.9C61.9 339.2 48 299.2 48 256c0-110.3 89.7-200 200-200s200 89.7 200 200c0 43.2-13.9 83.2-37.3 115.9z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-author\">\n\t\t\t\t\t\t\t\t\t\tAgence PDN\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-c1f32b6 elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t<a href=\"https:\/\/agencepdn.com\/en\/2026\/02\/17\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-calendar\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M12 192h424c6.6 0 12 5.4 12 12v260c0 26.5-21.5 48-48 48H48c-26.5 0-48-21.5-48-48V204c0-6.6 5.4-12 12-12zm436-44v-36c0-26.5-21.5-48-48-48h-48V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H160V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H48C21.5 64 0 85.5 0 112v36c0 6.6 5.4 12 12 12h424c6.6 0 12-5.4 12-12z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>17\/02\/2026<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-c021c92 elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-far-clock\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M256 8C119 8 8 119 8 256s111 248 248 248 248-111 248-248S393 8 256 8zm0 448c-110.5 0-200-89.5-200-200S145.5 56 256 56s200 89.5 200 200-89.5 200-200 200zm61.8-104.4l-84.9-61.7c-3.1-2.3-4.9-5.9-4.9-9.7V116c0-6.6 5.4-12 12-12h32c6.6 0 12 5.4 12 12v141.7l66.8 48.6c5.4 3.9 6.5 11.4 2.6 16.8L334.6 349c-3.9 5.3-11.4 6.5-16.8 2.6z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-time\">\n\t\t\t\t\t\t\t\t\t\t<time>08:00<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-cf333d2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cf333d2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bf3fb8c\" data-id=\"bf3fb8c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c5283be elementor-widget elementor-widget-spacer\" data-id=\"c5283be\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6680862 elementor-widget elementor-widget-text-editor\" data-id=\"6680862\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The first part of this report highlighted an often underestimated reality: <strong>credential stuffing does not rely on spectacular technical flaws, but on the reutilization of valid credentials<\/strong> obtained from leaks, sometimes dating back years. This characteristic makes it a persistent threat that is difficult to detect and perfectly compatible with otherwise well-secured infrastructures. Thus the question is no longer about understanding the phenomenon, but about identifying truly appropriate and efficient responses. However, in this area, many organizations try to set-up measures that appear reassuring, but\u00a0 with a limited effectiveness when facing attacks designed to resemble legitimate use.<\/p><p>How can we fight against such a phenomenon?\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43b7880 elementor-widget elementor-widget-spacer\" data-id=\"43b7880\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-756f0bf elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"756f0bf\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fcd18ac\" data-id=\"fcd18ac\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-285d3ec elementor-widget elementor-widget-heading\" data-id=\"285d3ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Moving away from a password-centered approach<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-b8bb2c8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b8bb2c8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-21733ef\" data-id=\"21733ef\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9f62b38 elementor-widget elementor-widget-spacer\" data-id=\"9f62b38\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5940e9 elementor-widget elementor-widget-text-editor\" data-id=\"d5940e9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The most common response to credential stuffing is to <strong>strengthen password complexity requirements.<\/strong> While necessary from an overall security perspective, this measure only addresses a marginal part of the problem. As we have seen, credential stuffing primarily exploits credentials that have already been compromised elsewhere. In this context, the theoretical complexity of the password is less important than its reuse. A long and complex password, used on multiple services, remains exploitable once it has been leaked.<\/p><p>A policy focused exclusively on the formal robustness of passwords has several limitations<\/p><ul><li>it does not take into account the history of external compromises<\/li><li>it does not allow the identification of accounts exposed via third-party leaks<\/li><li>it gives a false sense of protection that does not correspond to the actual level of risk<\/li><\/ul><p>The issue of credential stuffing therefore requires a change in perspective: it is no longer just about protecting a secret. You have to consider that <strong>this secret may already have been exposed elsewhere.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dee3cbb elementor-widget elementor-widget-spacer\" data-id=\"dee3cbb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-db5e282 elementor-widget elementor-widget-heading\" data-id=\"db5e282\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Multi-factor authentication: needed but not enough<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dbaea84 elementor-widget elementor-widget-spacer\" data-id=\"dbaea84\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2049d67 elementor-widget elementor-widget-text-editor\" data-id=\"2049d67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Multi-factor authentication is one of the most effective ways to reduce the impact of credential stuffing. If the system<strong> requires a second factor, it limits significantly<\/strong> the direct exploitation of a compromised password. However,<strong> its effectiveness depends heavily on how it is implemented.<\/strong> Several factors determine the actual effectiveness of multi-factor authentication<\/p><ul><li>the type of second factor used<\/li><li>the exceptions granted (trusted devices, long sessions)<\/li><li>the actual coverage of<\/li><li>the account base<\/li><li>the management of backup procedures<\/li><\/ul><p>A second factor based on codes sent by SMS, for example, remains vulnerable to fraud or misuse. Similarly, optional multi-factor authentication, or multi-factor authentication limited to certain categories of users, still leaves a significant attack surface. <strong>And most importantly, multi-factor authentication does not eliminate credential stuffing, it only mitigates its consequences.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3cd4ddf elementor-widget elementor-widget-spacer\" data-id=\"3cd4ddf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-abbb9c9 elementor-widget elementor-widget-heading\" data-id=\"abbb9c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Combining indicators for improved detection<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4fe59fa elementor-widget elementor-widget-spacer\" data-id=\"4fe59fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd5a144 elementor-widget elementor-widget-text-editor\" data-id=\"cd5a144\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Traditional defense mechanisms are often designed to <strong>detect abnormal volumes<\/strong> of failed logins. However, in credential stuffing, attackers adjust their attacks to avoid these thresholds. A more effective approach is therefore to shift the focus to authentication behavior rather than just the number of failed attempts.<\/p><p>Several signals, that are weak when taken in isolation, can reveal an ongoing campaign<\/p><ul><li>multiple attempts on a large number of separate accounts<\/li><li>inconsistencies between the geographic distribution of attempts and that of the known user population<\/li><li>unusual variations in the technical environments used<\/li><li>abnormal success rates followed by atypical activity<\/li><\/ul><p>Taken <strong>separately,<\/strong> each of these indicators may seem unsignificant; <strong>when added together and analyzed collectively over time<\/strong>, however, they can identify patterns that characteristic of credential stuffing. This approach requires a more sophisticated ability to correlate and analyze behavior (and therefore greater technical and financial resources) than simple mechanisms that block repeated failed attempts.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a370a3 elementor-widget elementor-widget-spacer\" data-id=\"8a370a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f21b01 elementor-widget elementor-widget-heading\" data-id=\"9f21b01\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Integrating leak data into risk management\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3d92a81 elementor-widget elementor-widget-spacer\" data-id=\"3d92a81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8700ced elementor-widget elementor-widget-text-editor\" data-id=\"8700ced\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>An organization cannot control leaks that occur elsewhere. However, it can incorporate this reality into its own defense strategy.<strong> Continuous monitoring<\/strong> of compromised databases that are publicly available or via specialized partners makes it possible to identify potential exposures ahead of attacks. When an address associated with an internal account appears in a leak, the risk of credential stuffing automatically increases.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-035efbe elementor-widget elementor-widget-spacer\" data-id=\"035efbe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-40ecb3a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"40ecb3a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e3d4001\" data-id=\"e3d4001\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e92a977 elementor-widget elementor-widget-spacer\" data-id=\"e92a977\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d6a2018 elementor-widget elementor-widget-image\" data-id=\"d6a2018\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"768\" height=\"576\" src=\"https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/210-768x576.jpg\" class=\"attachment-medium_large size-medium_large wp-image-17778\" alt=\"\" srcset=\"https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/210-768x576.jpg 768w, https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/210-300x225.jpg 300w, https:\/\/agencepdn.com\/wp-content\/uploads\/2026\/02\/210.jpg 1024w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-570dd93 elementor-widget elementor-widget-spacer\" data-id=\"570dd93\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8103176 elementor-widget elementor-widget-heading\" data-id=\"8103176\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The specific issue of privileged accounts<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2271efe elementor-widget elementor-widget-spacer\" data-id=\"2271efe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18bc545 elementor-widget elementor-widget-text-editor\" data-id=\"18bc545\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Not all accounts are created equal. <strong>Privileged accounts are particularly attractive targets in credential stuffing campaigns,<\/strong> especially when they use addresses and passwords that are also used for personal purposes. Credential stuffing exploits the cross-functional nature of digital usage. The more an account is exposed to different environments, the more likely it is to be included in a leak. It is therefore necessary to regularly audit these accounts and only grant access to them if they are essential and, preferably, for a <strong>limited<\/strong> period of time.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-479c443 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"479c443\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-cee4a17\" data-id=\"cee4a17\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-326d4f3 elementor-widget elementor-widget-spacer\" data-id=\"326d4f3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-b08ae43 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b08ae43\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eed46bf\" data-id=\"eed46bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ee35996 elementor-widget elementor-widget-text-editor\" data-id=\"ee35996\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Security policies that ignore actual user practices allow structural vulnerabilities to persist. Reuse of credentials, informal account sharing, proliferation of unlisted tools: these practices expand the attack surface far beyond the theoretical perimeter. The solution therefore lies in gaining a better understanding of actual digital usage, rather than hoping that users will be more disciplined than they really are. Credential stuffing reminds us that security must also be based on a detailed understanding of usage patterns. Check back soon on the blog for a new topic. If you have a movie, TV series, software, or e-book to protect, don&#8217;t hesitate to call on our services by contacting one of our account managers. PDN has been a pioneer in cybersecurity and anti-piracy for over ten years, and we are sure to have a solution to help you. Happy reading, and see you soon!<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-1722338 e-flex e-con-boxed e-con e-parent\" data-id=\"1722338\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-85d14c4 e-con-full e-flex e-con e-child\" data-id=\"85d14c4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-81e77c2 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"81e77c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Share this article<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1dba823 elementor-share-buttons--view-icon elementor-share-buttons--color-custom elementor-widget__width-initial elementor-share-buttons--skin-gradient elementor-share-buttons--shape-square elementor-grid-0 elementor-widget elementor-widget-share-buttons\" data-id=\"1dba823\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"share-buttons.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-grid\" role=\"list\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t\t<div class=\"elementor-share-btn elementor-share-btn_facebook\" role=\"button\" tabindex=\"0\" aria-label=\"Share on facebook\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-share-btn__icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-facebook\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t\t<div class=\"elementor-share-btn elementor-share-btn_twitter\" role=\"button\" tabindex=\"0\" aria-label=\"Share on twitter\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-share-btn__icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-twitter\" viewBox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t\t<div class=\"elementor-share-btn elementor-share-btn_linkedin\" role=\"button\" tabindex=\"0\" aria-label=\"Share on linkedin\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-share-btn__icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-linkedin\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3zM135.4 416H69V202.2h66.5V416zm-33.2-243c-21.3 0-38.5-17.3-38.5-38.5S80.9 96 102.2 96c21.2 0 38.5 17.3 38.5 38.5 0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9V416z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The first part of this report highlighted an often underestimated reality: credential stuffing does not rely on spectacular technical flaws, but on the reutilization of valid credentials obtained from leaks, sometimes dating back years. This characteristic makes it a persistent threat that is difficult to detect and perfectly compatible with otherwise well-secured infrastructures. Thus the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":17779,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,22,37,38],"tags":[],"class_list":["post-17780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-copyright","category-piracy","category-tv-series","category-website"],"_links":{"self":[{"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/posts\/17780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/comments?post=17780"}],"version-history":[{"count":52,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/posts\/17780\/revisions"}],"predecessor-version":[{"id":17834,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/posts\/17780\/revisions\/17834"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/media\/17779"}],"wp:attachment":[{"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/media?parent=17780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/categories?post=17780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/agencepdn.com\/en\/wp-json\/wp\/v2\/tags?post=17780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}