Credential harvesting is when an attacker obtains, or harvests, a victim’s credentials. Harvesting can target a specific user as part of a multi-stage attack, but credentials are often stolen from many users at once, usually for financial gain.

One method of targeted credential harvesting is known as a watering hole attack. A watering hole attack is when an attacker compromises a third-party service, software, or website used by a target in order to get access to the target. The third-party service is the “watering hole” that the victims are all using, or “drinking from”. This is an example of how poor security on the part of third-party vendors can compromise the security of the organizations that hire them.

One example of a watering hole attack occurred in 2012, when a hacker group targeted websites promoting political activism. The attack involved redirecting victims to a different compromised site, which would attempt to download malware onto the victims’ computers.
