Credential Stuffing

Definition

Credential stuffing is an attack in which stolen usernames and passwords from previously leaked databases are tried against other services. It exploits password reuse.

Credential stuffing exploits the reality that many people reuse the same password across multiple services. Attackers buy or steal databases of credentials and use automated tools to try those combinations at massive scale.

Unlike a brute-force attack, credential stuffing uses passwords that have already been proven valid at another service, so far fewer attempts per account are needed. This makes the attack more efficient and harder to detect.

Defence: multi-factor authentication (MFA), detection of suspicious login patterns, checking passwords against known-breach datasets (such as Have I Been Pwned) and encouraging users to use unique passwords via a password manager.
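As an added illustration (not part of the original page), the following Python sketch shows what "suspicious login patterns" look like in practice: a credential stuffing source tries many different usernames with a high failure rate, whereas a brute-force source hammers one username. The log format, IP addresses, usernames and thresholds are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob FAIL
2024-05-01T10:00:03Z 203.0.113.7 carol FAIL
2024-05-01T10:00:04Z 203.0.113.7 dave OK
2024-05-01T10:00:05Z 203.0.113.7 erin FAIL
2024-05-01T10:00:06Z 203.0.113.7 frank FAIL
2024-05-01T10:00:20Z 198.51.100.9 alice FAIL
2024-05-01T10:00:21Z 198.51.100.9 alice FAIL
2024-05-01T10:00:22Z 198.51.100.9 alice FAIL
2024-05-01T10:00:23Z 198.51.100.9 alice FAIL
2024-05-01T10:00:24Z 198.51.100.9 alice FAIL
2024-05-01T10:00:25Z 198.51.100.9 alice FAIL
2024-05-01T10:05:00Z 192.0.2.33 grace OK
"""


def parse_log(text):
    """Parse the constructed log format into (time, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def classify_sources(events, window=timedelta(minutes=5), min_attempts=5, min_users=5):
    """Return {ip: label} for sources whose activity inside any window looks like
    credential stuffing (many distinct users, mostly failures) or brute force
    (many attempts against a single user). Thresholds are assumed values."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    verdicts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for t0, _, _, _ in evs:  # slide a window starting at each attempt
            win = [e for e in evs if t0 <= e[0] < t0 + window]
            if len(win) < min_attempts:
                continue
            users = {e[2] for e in win}
            fails = sum(e[3] == "FAIL" for e in win)
            if len(users) >= min_users and fails / len(win) >= 0.5:
                verdicts[ip] = "credential_stuffing"
                break
            if len(users) == 1 and fails >= min_attempts:
                verdicts[ip] = "brute_force"
                break
    return verdicts
```

A real deployment would key on more than source IP (stuffing tools rotate through proxies), e.g. per-ASN rates, unusual user agents and the success-to-failure ratio across the whole login endpoint.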

Related terms

Brute-force Attack
Phishing
Social Engineering