Malware often gets top billing in mainstream news reporting of cyber-threats. It makes for snappy headlines and a compelling narrative—–but it’s not the whole story. Increasingly, organizations are finding customers exposed to malware-free account takeover attacks, which could result in serious data theft. There are several ways hackers can takeover accounts, from password spraying to session hijacking and phishing. Credential stuffing is among the most successful of these hacking techniques, and it’s on the rise. It’s a problem estimated to cost US firms alone over $5bn per year. However, with simple measures like adaptive multi-factor authentication (MFA), companies can mitigate risk and protect their sensitive data. How does credential stuffing occur? Credential stuffing is a kind of brute-force attack in which hackers take large volumes of stolen or breached logins and use automated tools to try them out en masse to see if they can crack open other accounts. Customers.