PassREfinder-FL: Privacy-Preserving Credential Stuffing Risk Prediction via Graph-Based Federated Learning for Representing Password Reuse between Websites

📅 2025-10-17

🤖 AI Summary
To address the privacy-security trade-off arising from cross-site password reuse in credential stuffing attacks, this paper proposes a privacy-preserving framework for predicting password reuse risk. Methodologically, it first formalizes “cross-site password reuse relationships” and constructs a heterogeneous website graph; it then jointly leverages website feature embeddings and graph neural networks (GNNs) for link prediction, while integrating federated learning to enable decentralized model training—ensuring raw user credentials remain local and comply with privacy regulations. Evaluated on 360 million real-world breached account records, the framework achieves an F1-score of 0.9153, outperforming state-of-the-art GNN baselines by 4–11%, and supports generation of interpretable, actionable risk scores. Key contributions include: (i) a privacy-first, cross-domain risk modeling paradigm; and (ii) the first federated graph learning architecture specifically designed for credential stuffing defense.

📝 Abstract
Credential stuffing attacks have caused significant harm to online users who frequently reuse passwords across multiple websites. While prior research has attempted to detect users with reused passwords or identify malicious login attempts, existing methods often compromise usability by restricting password creation or website access, and their reliance on complex account-sharing mechanisms hinders real-world deployment. To address these limitations, we propose PassREfinder-FL, a novel framework that predicts credential stuffing risks across websites. We introduce the concept of password reuse relations -- defined as the likelihood of users reusing passwords between websites -- and represent them as edges in a website graph. Using graph neural networks (GNNs), we perform a link prediction task to assess credential reuse risk between sites. Our approach scales to a large number of arbitrary websites by incorporating public website information and linking newly observed websites as nodes in the graph. To preserve user privacy, we extend PassREfinder-FL with a federated learning (FL) approach that eliminates the need to share users' sensitive information across administrators. Evaluation on a real-world dataset of 360 million breached accounts from 22,378 websites shows that PassREfinder-FL achieves an F1-score of 0.9153 in the FL setting. We further validate through an ablation study that our FL-based GNN achieves a 4-11% performance improvement over other state-of-the-art GNN models. Finally, we demonstrate that the predicted results can be used to quantify password reuse likelihood as actionable risk scores.
Problem

Research questions and friction points this paper is trying to address:

- Predicting credential stuffing risk across websites using password reuse relations
- Preserving user privacy through federated learning without sharing sensitive data
- Quantifying password reuse likelihood as actionable risk scores for websites
Innovation

Methods, ideas, or system contributions that make the work stand out:

- Graph neural networks predict password reuse risks
- Federated learning preserves user privacy across websites
- Link prediction models password reuse as graph edges
Authors

- Jaehan Kim, KAIST, 291 Daehak-ro, Yuseong-gu, Daejeon, 34141, Republic of Korea
- Minkyoo Song, KAIST
- Minjae Seo, KAIST
- Youngjin Jin, KAIST
- Seungwon Shin, KAIST, 291 Daehak-ro, Yuseong-gu, Daejeon, 34141, Republic of Korea
- Jinwoo Kim, Kwangwoon University, 20 Kwangwoon-ro, Nowon-gu, Seoul, 01897, Republic of Korea