FBI warns of residential proxies used in credential stuffing attacks

The Federal Bureau of Investigation warns of a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked.
Because credential stuffing attacks carry specific characteristics that differentiate them from regular login attempts, websites can easily detect and stop them.
To bypass these basic protections, the FBI warns, threat actors are using residential proxies to hide their actual IP addresses behind ones commonly associated with home users, which are unlikely to be present in blocklists.
Using these tools, cybercriminals automate credential stuffing attacks, with bots attempting to log in across numerous sites using previously stolen login credentials.
The FBI says credential stuffing attacks are not limited to websites and have been seen targeting mobile applications due to their poor security.
In a joint operation involving the FBI and the Australian Federal Police, the agencies investigated two websites that contained over 300,000 unique sets of credentials obtained through credential stuffing attacks.