Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?” Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called “credential stuffing.”
Back in August, a hacker named peace_of_mind claimed to be selling a database containing credentials for 200 million Yahoo accounts.
At the time Yahoo indicated they were investigating the matter, but could not confirm.
Today, Yahoo confirmed that 500 million accounts were compromised in what we believe is the largest known data breach in history.