According to Akamai’s latest State of the Internet report on credential stuffing, credential stuffing continues to be a growing threat, with financial services companies being the major target.
Credential stuffing attacks occur when botnets try login credentials usually obtained through phishing attacks and data breaches. The bots then attempt the same credentials on banks and retailers web sites. This kind of attack is efficient, due to the bad habit of users to reuse the same username and password over multiple services and accounts.
8.3 billion malicious login attempts were detected from bots in May and June 2018, up from 6.3 billion in March and April 2018.
Read more about it here.