Source: https://globalprivacyassembly.org/wp-content/uploads/2022/06/22-06-27-Credential-stuffing-guidelines.pdf