Reverse brute-force attack

(also reverse brute force attack)

Reverse brute-force attack definition

An indiscriminate cyberattack where the hacker tries one password on as many accounts as possible. It flips the regular brute-force attack on its head — in this case, the attacker knows a common password and is trying to guess which username goes with it.

Reverse brute-force attacks often target organizations with predictable account names (e.g., name.surname@organization.org), leaked account databases, or publicly available account lists.

Real reverse brute-force attack examples

  • Breaking into government systems that publicly list staff email addresses
  • Attacks on email lists obtained on the dark web — without the accompanying passwords, these compilations can be purchased very cheaply on shady online marketplaces

Stopping a reverse brute-force attack

  • Use a strong password because reverse brute-force attacks prey on accounts with common passwords.
  • Use multi-factor authentication (MFA) — this way, even if hackers manage to guess your password, they won’t automatically break into your account.
  • Use a reliable password manager like NordPass to generate unique passwords for each of your accounts.
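
On the server side, the attack defined above leaves each account with only one or two failed logins, so a per-account lockout counter does not fire; what stands out is one source failing against many different usernames in a short time. The following is an added example, not part of the original page: a Python detector that applies that check to constructed sample events (the staff names, documentation-range IP addresses, window and threshold are all assumptions).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: hypothetical staff accounts and documentation-range IPs.
STAFF = ["anna.berg", "li.wei", "omar.haddad", "eva.novak",
         "sam.okoye", "ines.costa", "tom.lind", "maya.rao"]
# Events are (ISO timestamp, source IP, username, login succeeded).
SAMPLE_EVENTS = [
    # One source fails once against each account, one minute apart.
    (f"2024-05-01T09:{i:02d}:00", "198.51.100.7", name, False)
    for i, name in enumerate(STAFF)
] + [
    # A legitimate user mistypes a password twice, then logs in.
    ("2024-05-01T09:02:10", "203.0.113.20", "eva.novak", False),
    ("2024-05-01T09:02:25", "203.0.113.20", "eva.novak", False),
    ("2024-05-01T09:02:40", "203.0.113.20", "eva.novak", True),
]

def failures_per_account(events):
    """Failed-login count per username: the view a lockout policy sees."""
    counts = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            counts[user.lower()] += 1
    return dict(counts)

def detect_spray(events, window=timedelta(minutes=10), max_users=5):
    """Return {source_ip: [usernames]} for every source whose failed logins
    touch more than max_users distinct accounts inside one sliding window."""
    recent = defaultdict(deque)  # ip -> (time, username) failures in window
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        now = datetime.fromisoformat(ts)
        queue = recent[ip]
        queue.append((now, user.lower()))
        while now - queue[0][0] > window:  # drop failures older than window
            queue.popleft()
        users = {u for _, u in queue}
        if len(users) > max_users:
            flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    print("failures per account:", failures_per_account(SAMPLE_EVENTS))
    print("flagged sources:", detect_spray(SAMPLE_EVENTS))
```

In the sample, the only account with repeated failures belongs to the legitimate user, while the source that tried all eight accounts is the one the detector flags.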
