In this talk we will cover a new attack methodology based on the concept of “offline credential stuffing”. This approach makes use of large amounts of correlated data and abuses the commonality of user password reuse to efficiently reduce the workload required to attack large lists of slow, salted hashes.