Credential Stuffing uses leaked credentials from breaches to test across multiple accounts. Which term describes this attack type?

Credential stuffing relies on leaked username/password pairs from data breaches and uses automated tools to try them across many different online accounts. The attack depends on credential reuse—people often use the same credentials on multiple sites—so the leaked pairs can unlock multiple accounts if they match. This differs from password spraying, which tries a small set of common passwords across many accounts to stay under detection thresholds; brute force targets a single account with many attempts to guess the password; and social engineering involves manipulating people to reveal credentials rather than exploiting reused credentials across services. Therefore, this is credential stuffing.