Credential stuffing, where names and passwords leaked in previous breaches are reused, strikes again.