Credential Theft
Also known as: Credential stealing
Credential theft is the act of stealing authentication data — usernames, passwords, tokens, and session cookies — so an attacker can impersonate a legitimate user. Infostealers, phishing, and keylogging are common methods, and stolen credentials underpin most modern intrusions.
What is credential theft?
Credential theft refers to any technique used to obtain another party's authentication secrets. It spans malware-based methods (infostealers, keyloggers), social engineering (phishing, fake login pages), and interception. The stolen secrets let attackers log in as the victim, often without triggering alarms.
Credential theft in the attack lifecycle
Stolen credentials are a key enabler at multiple stages of an attack: gaining initial access, escalating privileges, and moving laterally. Industry incident analysis consistently shows stolen or compromised credentials as one of the most common factors in breaches.
By surfacing credentials stolen via infostealers the moment they appear in logs, VantaPrism shortens the window between theft and detection, giving defenders time to act before stolen credentials are used.
Frequently Asked Questions
What methods are used for credential theft?
Related Terms
Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…
Credential stuffing is an automated attack that takes username/password pairs leaked from one source and tries them e…
Session hijacking is the takeover of an authenticated session by stealing and reusing its session token or cookie. Be…