Account or credential stuffing is an attack in which the attacker tries out stolen credentials, usually username / email address and password, on many different websites. This attack can be automated by tools for automation in the web area, such as Selenium, curl or PhantomJS, or special tools such as SNIPR or STORM. This attack is made possible by the fact that users often use the same username-password combination for many services. A modification is possible through the use of password patterns, i.e. predictable patterns.