Credential stuffing

How many times have you reused a username and password combination for an online login?

If you recycle username and password information for everything from your online banking to your most recent retail shopping spree, you’re not alone. The increase in digital services certainly makes things easier, but it also requires a longer and longer list of log-in credentials to keep track of.

Using the same passwords makes it easier to remember them, but unfortunately, it also may put your accounts at risk. Attackers are always trying to get username and password combinations, and it’s important to do all we can to minimize their chances of success. 

How does this impact me?


Reusing log-in information can open you up to a specific type of fraud called credential stuffing. In this type of fraud, attackers will use a bot to randomly submit username and password combinations from previous data breaches at other organizations into financial institution login pages with the aim of gaining access to an account.

If you become a target of a credential stuffing attack, you’ll most likely receive some type of security alert or notification of a locked account due to too many username and password combination attempts. The attackers may also text or call you, pretending to be the bank, and alert you to fake transactions to convince you to work with them to take action.

It’s important to note that we will never call you and ask for your personal information or for a one-time code from a text or email.

If you receive any calls like this or get a notification of a login attempt on your United Community Bank account that you did not make, contact us immediately and change your password.

What can I do to minimize risk?


The most effective way to guard yourself and your account against credential stuffing efforts is to create unique usernames and passwords for each of your online accounts. This will ensure that, should an attacker gain access to login information for one online account you hold, your other accounts will remain inaccessible.

Helpful hint: Try mixing up your username by adding capital letters, numbers or other special characters that make it harder for hackers to guess. If your name is Jane Doe and you were born in 1976, a hacker very possibly might guess Jane_Doe76, but they’re unlikely to guess J@nE_L0ves_çat$. Pair that with a complex password and your chances of falling victim to credential stuffing plummet.

When possible, opt for a two-factor authentication login. This will ensure your account remains unbreached even if an attacker does manage to gain access to your login credentials.

You can read more password tips to keep hackers and attackers at bay here.

Questions? Concerns? We’re here to help.


If you think you’re the victim of fraud or think someone is attempting to access your personal financial information, contact us immediately. We will help you take the best next steps.

*cloudflare.com/learning/bots/what-is-credential-stuffing