Compromised user credentials are a common attack vector, and can lead to sustained, costly attacks. As an Identity-as-a-service provider (IDaaS), Auth0 sees a large number of attacks targeting user credentials across our customer base. Some of our customers are under attack nearly 24/7.
Known as credential stuffing attacks, these attempts to compromise user accounts with stolen credentials is a difficult problem to solve. More than 80% of companies state it is difficult to detect, fix, or remediate credential stuffing attacks, and these attacks result in an average of more than $6 million a year in costs per company.