You can do everything perfectly, but still be targeted with a credential stuffing attack. It leverages what we call inherent vulnerabilities. Inadvertent vulnerabilities is something that can be patched like SQL injection or some misconfigured application. You are susceptible to credential stuffing attacks because you have a log-in form that is public facing.
Vice President, Shape Intelligence Center, Shape Security, Part of F5 Networks