Credential stuffing is a frequent type of cyber attack.
This attack exploits a common practice of reusing the same username-password combination across multiple services. After username-password combinations are found through data breaches, threat actors then try unlocking other services using these combinations.
The credential stuffing process can be automated. Automation makes trying stolen username-password combinations against many services easy and cheap.
Imagine you have a key that unlocks your home's entry door. For convenience, when you next bought a car, you made the car door let itself be unlocked by the same key. Some months later, you left your car keys at a restaurant. Anyone who found your car keys could unlock your car, then find mail with your home address in your glove compartment. When they visit your home address, they could use the car key to unlock your entry door. This is what happens with credential stuffing. But, as it's digital, you can do all this cheaply and quickly, thousands at a time.