Credential stuffing attackers try to login to a target account with a username/password pair - a user’s credential - that was previously stolen in a breach of some other service. Multi-factor authentication can provide defense-in-depth, however many authentication services and users don’t yet employ it and, even with MFA , services and their users need to be warned when a username/password pair is vulnerable.

Cloudflare's 'Exposed Credential Checks' feature cross checks a user's credentials against a database of known-breached credentials gathered and maintained by Cloudflare. In the event that a match is found, the application, and the user, can be warned about vulnerable credentials and take corrective action such as triggering a password reset flow for that user or a second factor authentication challenge.

Enterprise customers can request early access to this feature by signing up using the form on the right.