{"id":16996,"date":"2026-06-09T08:18:55","date_gmt":"2026-06-09T06:18:55","guid":{"rendered":"https:\/\/bezpecnenanete.eset.com\/sk\/?p=16996"},"modified":"2026-06-16T09:05:59","modified_gmt":"2026-06-16T07:05:59","slug":"credential-stuffing-o-aky-typ-podvodu-ide-a-ako-sa-pred-nim-chranit","status":"publish","type":"post","link":"https:\/\/bezpecnenanete.eset.com\/sk\/cybernews\/credential-stuffing-o-aky-typ-podvodu-ide-a-ako-sa-pred-nim-chranit\/","title":{"rendered":"Credential stuffing: O\u00a0ak\u00fd typ podvodu ide a\u00a0ako sa chr\u00e1ni\u0165?"},"content":{"rendered":"\n
\"Credential<\/figure>\n\n\n\n
<\/div>\n\n\n\n

Pou\u017e\u00edvanie rovnak\u00e9ho hesla naprie\u010d viacer\u00fdmi \u00fa\u010dtami je s\u00edce pohodln\u00e9, no poskytuje \u017eivn\u00fa p\u00f4du pre probl\u00e9my, ktor\u00e9 m\u00f4\u017eu zasiahnu\u0165 cel\u00fd v\u00e1\u0161 digit\u00e1lny svet. Tento (zlo)zvyk vytv\u00e1ra ide\u00e1lne podmienky na credential stuffing \u2013 techniku, pri ktorej \u00fato\u010dn\u00edci pou\u017e\u00edvaj\u00fa zoznamy predt\u00fdm uniknut\u00fdch prihlasovac\u00edch \u00fadajov a systematicky zad\u00e1vaj\u00fa dvojice pou\u017e\u00edvate\u013esk\u00e9ho mena a hesla do prihlasovac\u00edch formul\u00e1rov vybran\u00fdch online slu\u017eieb. Ak pou\u017e\u00edvate tie ist\u00e9 prihlasovacie \u00fadaje v r\u00f4znych \u00fa\u010dtoch, jedin\u00e1 tak\u00e1to dvojica m\u00f4\u017ee \u00fato\u010dn\u00edkom poskytn\u00fa\u0165 pr\u00edstup aj k slu\u017eb\u00e1m, ktor\u00e9 spolu nijako nes\u00favisia.<\/p>\n\n\n\n

Credential stuffing je v\u00a0digit\u00e1lnom svete doslova ekvivalentom situ\u00e1cie, ke\u010f niekto objav\u00ed univerz\u00e1lny k\u013e\u00fa\u010d, ktor\u00fd otvor\u00ed dom, kancel\u00e1riu aj trezor \u2013 v\u0161etko naraz. A\u00a0n\u00e1js\u0165 tak\u00fdto k\u013e\u00fa\u010d pritom v\u00f4bec nemus\u00ed by\u0165 \u0165a\u017ek\u00e9 \u2013 m\u00f4\u017ee poch\u00e1dza\u0165 z\u00a0minul\u00fdch \u00fanikov \u00fadajov<\/a> \u010di zo\u00a0zlo\u010dineck\u00fdch f\u00f3r, pr\u00edpadne m\u00f4\u017eu \u00fato\u010dn\u00edci nasadi\u0165 tzv. infostealer<\/a>, ktor\u00fd z\u00a0napadnut\u00fdch zariaden\u00ed a\u00a0webov\u00fdch prehliada\u010dov z\u00edskava prihlasovacie \u00fadaje.<\/p>\n\n\n\n

\n
\n
\"Bajtovci<\/figure>\n<\/div>\n\n\n\n
\n
\"\"<\/figure>\n\n\n\n
<\/div>\n\n\n\n

Objavte svet Bajtovcov, kde sa digit\u00e1lny svet prel\u00edna s ka\u017edodenn\u00fdmi dobrodru\u017estvami. Pou\u010dn\u00e9 epiz\u00f3dy, ne\u010dakan\u00e9 v\u00fdzvy a st\u00e1le viac z\u00e1had na obzore! Pozrite si v\u0161etky epiz\u00f3dy.<\/p>\n\n\n\n

\n
SLEDOVA\u0164<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n

\u010co rob\u00ed credential stuffing tak\u00fdm nebezpe\u010dn\u00fdm a \u00fa\u010dinn\u00fdm?<\/h2>\n\n\n\n

Ako je u\u017e pravdepodobne zrejm\u00e9, t\u00e1to technika sa \u00fato\u010dn\u00edkom mimoriadne vypl\u00e1ca vzh\u013eadom na\u00a0na\u0161u tendenciu pou\u017e\u00edva\u0165 rovnak\u00e9 hesl\u00e1 naprie\u010d r\u00f4znymi \u00fa\u010dtami vr\u00e1tane t\u00fdch najhodnotnej\u0161\u00edch, ako s\u00fa \u00fa\u010dty v\u00a0internetbankingu, e-mailov\u00fdch slu\u017eb\u00e1ch, na soci\u00e1lnych sie\u0165ach \u010di v\u00a0e-shopoch. To, ak\u00fd roz\u0161\u00edren\u00fd je tento zlozvyk, ilustruje aj prieskum spolo\u010dnosti NordPass<\/a>, pod\u013ea ktor\u00e9ho sa 62\u00a0% Ameri\u010danov prizn\u00e1va, \u017ee hesl\u00e1 \u201e\u010dasto\u201c alebo \u201ev\u017edy\u201c recykluj\u00fa.<\/p>\n\n\n\n

Ke\u010f \u00fato\u010dn\u00edk z\u00edska prihlasovacie \u00fadaje z jedn\u00e9ho miesta, m\u00f4\u017ee ich sk\u00fa\u0161a\u0165 prakticky v\u0161ade inde. Pomocou botov alebo automatizovan\u00fdch n\u00e1strojov m\u00f4\u017ee tieto prihlasovacie \u00fadaje zad\u00e1va\u0165 do prihlasovac\u00edch formul\u00e1rov alebo rozhran\u00ed API, pri\u010dom strieda IP adresy a napodob\u0148uje spr\u00e1vanie legit\u00edmnych pou\u017e\u00edvate\u013eov, aby zostal nepov\u0161imnut\u00fd.<\/p>\n\n\n\n

V porovnan\u00ed s \u00fatokmi hrubou silou, pri ktor\u00fdch sa \u00fato\u010dn\u00edci pok\u00fa\u0161aj\u00fa uh\u00e1dnu\u0165 heslo pomocou n\u00e1hodn\u00fdch alebo be\u017ene pou\u017e\u00edvan\u00fdch vzorov, je met\u00f3da credential stuffing jednoduch\u0161ia: vyu\u017e\u00edva \u00fadaje, ktor\u00e9 \u013eudia alebo nimi pou\u017e\u00edvan\u00e9 online slu\u017eby v minulosti nechtiac prezradili \u2013 neraz e\u0161te pred mnoh\u00fdmi rokmi. A na rozdiel od \u00fatokov hrubou silou, pri ktor\u00fdch m\u00f4\u017eu opakovan\u00e9 ne\u00faspe\u0161n\u00e9 pokusy o prihl\u00e1senie spusti\u0165 poplach, sa pri met\u00f3de credential stuffing pou\u017e\u00edvaj\u00fa platn\u00e9 prihlasovacie \u00fadaje, tak\u017ee \u00fatoky \u010dasto unikn\u00fa pozornosti.<\/p>\n\n\n\n

Hoci credential stuffing nie je \u017eiadnou novinkou, nieko\u013eko trendov situ\u00e1ciu e\u0161te viac zhor\u0161ilo. Mno\u017estvo infostealerov dramaticky nar\u00e1stlo \u2013 potichu z\u00edskavaj\u00fa prihlasovacie \u00fadaje priamo z webov\u00fdch prehliada\u010dov a m\u00f4\u017eu predstavova\u0165 hrozbu dokonca aj pre spr\u00e1vcov hesiel<\/a>. \u00dato\u010dn\u00edci m\u00f4\u017eu z\u00e1rove\u0148 vyu\u017e\u00edva\u0165 skripty (s podporou umelej inteligencie), ktor\u00e9 simuluj\u00fa be\u017en\u00e9 \u013eudsk\u00e9 spr\u00e1vanie a dok\u00e1\u017eu prek\u013aznu\u0165 cez z\u00e1kladn\u00fa ochranu proti botom, pri\u010dom testuj\u00fa kombin\u00e1cie prihlasovac\u00edch \u00fadajov e\u0161te nen\u00e1padnej\u0161ie a vo v\u00e4\u010d\u0161om rozsahu.<\/p>\n\n\n\n

Takto vyzer\u00e1 rozsah, v akom m\u00f4\u017eu by\u0165 \u00fatoky typu credential stuffing vykon\u00e1van\u00e9:<\/p>\n\n\n\n