https://www.bleepingcomputer.com/news/security/okta-credential-stuffing-accounts-for-34-percent-of-all-login-attempts/ > Credential stuffing attacks have become so prevalent in the first quarter of 2022 that traffic surpassed that of legitimate login attempts from normal users in some countries. > This type of attack takes advantage of “password recycling,” which is the bad practice of using the same credential pairs (login name and password) across multiple sites.