A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts.

Credential stuffing is a type of cyberattack where threat actors try out a list of credentials (usernames + passwords) they stole or sourced from leaked data breaches against platforms, hoping to gain access to accounts. If the credentials match and the account isn't protected by multi-factor authentication, they can hijack it, lock the legitimate owner out, and then abuse or resell the account to others. Over the years, these attacks have impacted brands and services like Okta, Roku, Chick-fil-A, Hot Topic, PayPal, PetSmart, and 23andMe.

Threat actors commonly conduct credential stuffing attacks using free tools, like Open Bullet 2 and SilverBullet, along with premade "configs" that are shared on cybercrime forums. Atlantis AIO is a new Credential Stuffing as a Service (CSaaS) platform that allows cybercriminals to pay for a membership and automate these types of attacks. The cybercrime service Atlantis AIO was discovered by Abnormal Security, which reports it is capable of targeting over 140 online services worldwide.

Email Account Testing – Automates brute-force and takeover attempts on popular email platforms like Hotmail, Yahoo, and Mail.com, allowing attackers to gain control of the account and access inboxes for phishing or data theft.

Brute Force Attacks – Rapidly cycles through common or weak passwords on targeted platforms to crack accounts with poor password hygiene.

Account Recovery – Exploits account recovery processes (e.g., on eBay, Yahoo), bypasses CAPTCHAs, and automates takeovers using tools like "Auto-Doxer Recovery" for faster and more efficient credential exploitation.

Other threat actors create shops where they sell stolen accounts for as little as $0.50 per account.

Credential stuffing attacks can be thwarted if you use strong, unique passwords and multi-factor authentication at every site where you have an account. Multi-factor authentication is critical, as even if credentials are compromised, threat actors won't be able to log in without also stealing the MFA information. If you receive reports from online services about unusual logins from strange locations or unexpected password reset emails, you should immediately investigate whether your credentials were compromised. Websites can help stop these attacks by implementing rate limiting and IP throttling, using advanced CAPTCHA puzzles, and monitoring for suspicious behavior patterns.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 26 Mar 2025 17:45:44 +0000
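
The "monitoring for suspicious behavior patterns" defence mentioned above can start from the login log: a credential stuffing source fails against many different usernames, while a brute-force source hammers one account. The following is an added example, not part of the original article, run over constructed log lines; the log format, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding look-back window
MIN_FAILURES = 6                # assumed failures per source before judging it
STUFFING_RATIO = 0.8            # assumed distinct-usernames / failures cut-off

def parse(line):
    """Assumed log format: '<ISO time> <source ip> <username> <OK|FAIL>'."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def classify_sources(lines):
    """Return {ip: 'credential_stuffing' | 'brute_force'} for noisy sources."""
    recent = defaultdict(list)  # ip -> [(time, username)] failures inside WINDOW
    verdicts = {}
    for ts, ip, user, ok in sorted(map(parse, lines)):
        if ok:
            continue
        fails = recent[ip]
        fails.append((ts, user))
        while fails[0][0] < ts - WINDOW:    # expire failures older than WINDOW
            fails.pop(0)
        if len(fails) < MIN_FAILURES:
            continue
        distinct = len({u for _, u in fails})
        if distinct / len(fails) >= STUFFING_RATIO:
            verdicts[ip] = "credential_stuffing"  # many accounts, ~1 try each
        elif distinct == 1:
            verdicts[ip] = "brute_force"          # one account, many tries
    return verdicts

def accounts_to_reset(lines, verdicts):
    """Usernames with a successful login from a flagged source."""
    events = map(parse, lines)
    return sorted({user for _, ip, user, ok in events if ok and ip in verdicts})

# Constructed sample log (documentation IP ranges, made-up usernames).
SAMPLE = (
    [f"2025-03-26T10:00:{i:02d} 203.0.113.7 user{i} FAIL" for i in range(8)]
    + ["2025-03-26T10:00:09 203.0.113.7 user8 OK"]
    + [f"2025-03-26T10:01:{i:02d} 198.51.100.9 admin FAIL" for i in range(6)]
    + ["2025-03-26T10:02:00 192.0.2.4 carol FAIL",
       "2025-03-26T10:02:30 192.0.2.4 carol OK"]
)

if __name__ == "__main__":
    flagged = classify_sources(SAMPLE)
    print(flagged, accounts_to_reset(SAMPLE, flagged))
```

A successful login from a flagged source is the case the article describes as a hijack when no multi-factor authentication is in place, so those accounts are the ones to lock and reset first.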