Code Room
On-callMediumoc-g596
Subject Security credential stuffingLevel Mid–Senior~35 minCommon in Security · Networking & APIs interviewsIndustries Technology, Software development

Question

Your login-success rate dashboard drops from 92% to 38% over 20 minutes while total login attempts spike 30x. The auth-service logs show requests hitting POST /login with thousands of distinct email addresses, each tried 1-2 times, from ~4,000 distinct residential IPs. Support tickets are starting: a handful of users report being locked out, and two report 'someone logged into my account.' No deploy went out today. You're on call for the identity team. How do you triage and respond?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.

Diagram & narrate the incident
Loading whiteboard…
Run or narrate your approach, then ask the coach.