This is particularly harmful as it makes the hackers almost undetectable while they move around the network and carry out more malicious attacks. Data breaches due to credential theft cost organizations an average of 4.5 million last year.  Password Spraying If a hacker is like a burglar breaking into a house a password spraying attack is like ringing the front doorbell until someone is careless enough to let them in. Preying on users who don't practice good password hygiene hackers use bots to try common combinations like password123 or 11111 across many user accounts until they find a combination that works.
Credential Stuffing Okta's Grundy noted that organizations are seeing an increase in this type of attack recently. In this variant of password spraying malicious actors use lists of compromised Whatsapp Mobile Number List passwords purchased from the dark web or stolen from previous attacks to brute force access to a variety of websites. This exploits the weakness of many users to reuse passwords. In a recent attack the data of more than 71000 customers at a fast-food chain was stolen by hackers.
Man-in-the-middle attacks Also known as user-in-the-middle attacks these tactics involve intercepting a communication between two parties enabling a malicious actor to obtain all sorts of potentially useful information collect including passwords. They can infect the user with spyware that can look over their shoulder and record their online activity. Or they could install rootkit malware that would take over the victim's workstation and then move around the network impersonating that user.