Describe a time when you had to investigate a suspected credential stuffing attack on a high-traffic user login portal.