Gartner predicts that by 2022, API abuses will become the most common attack vector resulting in data breaches. Credential stuffing takes advantage of a common weak point: the tendency of many users to reuse passwords. Many companies simply are unaware of the huge amount of data they’re transmitting via APIs and dont do a good enough job protecting them. Companies simply need to place as high a priority on securing their back-end APIs and services as they have on other parts of their infrastructure.”]
Source: https://www.darkreading.com/attacks-breaches/the-evolving-threat-of-credential-stuffing