Credential stuffing is a growing threat. It is not new, but for many companies it is treated as annoying background noise that can be absorbed by bandwidth, handled by access controls, and ignored. New figures suggest that this is a bad approach.
http://feedproxy.google.com/~r/Securityweek/~3/oLnzBRhsaHo/credential-stuffing-attacks-are-reaching-ddos-proportions