close icon
Illustration created by Martín Díaz Colodrero.
Credential Stuffing

Auth0 Reveals 50,000 Unique IP Addresses Make Credential Stuffing Attempts on Daily Basis

Breached Password Detection and Multifactor Authentication Critical for Prevention

November 18, 2019

Illustration created by Martín Díaz Colodrero.

BELLEVUE, Wash., November 18, 2019 — The Auth0 Identity Platform, a product unit within Okta, today revealed data insights showing the staggering amount of credential stuffing attacks attempted on its platform on a daily basis. Auth0 detects attacks from more than 50,000 unique IP addresses every day, reflecting the growing sophistication and frequency of cybercrime. Credential stuffing attempts are constantly multiplying, with absolutely no slowdown in sight.

The sheer number of attempts is due largely to the ease and inexpensive manner in which credential stuffing attacks can be orchestrated. Getting access to breached passwords is the first step for attackers, and unfortunately, there are billions openly available on the internet. Auth0's database contains more than one billion breached email/password combinations which are used for its Breached Password Detection feature, the first line of defense against credential stuffing. Breached credentials, in combination with 65% of people reusing passwords across accounts (Google), enables hackers to architect botnets — networks of exploited devices — to direct large-scale attacks in a coordinated manner.

Whereas targeted attacks have a specific and designated entry in mind, large-scale attacks like credential stuffing are automated and intended to attack as many entry points as possible. There is also a proliferation of 'botnets-for-hire' where services are traded among hackers, even rented for nominal fees for use in widespread attacks. And their destruction can oftentimes go unnoticed because these botnets steal insignificant amounts of money from services (like Spotify or Netflix) that actually add up to billions of dollars every year.

Between July and September 2019 alone, Auth0 determined that during a credential stuffing attack, traffic for a particular website may surge as much as 180x the usual volume, with traffic related to the attack itself accounting for 70% of overall activity.

"Unfortunately, it has become very easy and cheap for bad actors to quickly rotate the IP addresses used in an attack. Nearly all of the attacks we detect appear to originate from botnets," said Matias Woloski, CTO and co-founder of Auth0. "Many major brands have fallen victim to credential stuffing attacks this year — causing a significant impact on IT resources, account takeovers, and brand reputation. Even the largest companies are vulnerable if they don't have the right preventative measures in place." 

Auth0 is at the front door to stop credential stuffing attacks. Breached Password Detection (part of Auth0's Anomaly Detection), with its internal database of more than one billion breached passwords, enables customers to block user accounts that try to login with compromised information, and only grants access when the password has been reset. This is instrumental in blocking credential stuffing attacks, since hackers rely on people reusing email and password combinations that have already been breached.  

In addition, Multifactor Authentication (MFA) is one of the best ways to prevent account takeovers, whether from a credential stuffing attack or something else. In order to compromise an MFA-protected account, attackers would need to access not only a set of breached credentials used across accounts, but also the device used for the second factor. Combatting MFA drastically increases the time and effort needed for bad actors to compromise an account, which makes it infeasible to do at scale. Auth0 is working on additional features to reduce the perceived friction end users experience when MFA is implemented.

"Breached Password Detection and MFA functionality are the critical barriers for preventing credential stuffing attacks. We are continuously improving our features to detect and prevent, and will be rolling out new functionality to have even greater visibility into attacks," added Woloski.

About Auth0

Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit

Media Contacts

Alex Plew
Matter for Auth0

Deepika Zafar
Racepoint Global for Auth0, EMEA

  • Twitter icon
  • LinkedIn icon
  • Faceboook icon