“The OWASP describes credential stuffing as “the automated injection of stolen username and password pairs (“credentials”) in to website login forms, in order to fraudulently gain access to user accounts.” In other words, automating lists of stolen logins to “brute force” an entry, and doing nefarious things once access is obtained.”