Around 15 billion credentials are currently for sale on various hacker forums out of which 100,000 data breaches and over five billion of those credentials are unique, with no repeated credential pairs
If you are using the same old password, it's time to change!
Around 15 billion credentials are currently for sale on various hacker forums out of which 100,000 data breaches and over five billion of those credentials are unique, with no repeated credential pairs. Over the past two years, credentials have been stolen in more than 100,000 separate data breaches.
The stolen credentials are offered free of charge or are traded online, although many are sold. The average cost for a username/password combo is $15.43.
Valuable credentials of the banking/financial services account made up most of the listings and the most premium:$70.91 each.
The second most expensive account accesses were for anti-virus and security solutions for an average price of $21.67.
All other types of accounts were, on average or significantly below $10, including social media accounts, file-sharing services, and both music and video streaming.
In the criminal underworld, administrator accounts are most valuable as they not only give access to a network but also feature the highest level of control and faith with high unlimited permission.
The commoditization of breached credentials has increased by 300% since 2018.
Threat actors gain entry to these credentials in a number of ways—among them phishing, credential-stealing malware and credit-card skimmers–and it’s never been simple for them to lift this type of sensitive data from user accounts, reported Rick Holland, CISO and vice president of strategy at Digital Shadows, in a press statement.
How to solve the “password” problem?
- Never use the same passwords for every site. Consumers should use different passwords for every account.
- Change your passwords frequently.
- Always use complex passwords.
- Poor password hygiene, including reusing passwords or picking easy-to-guess passwords, is greatly worsening.
- Always use multi-factor authentication for extra protection, because it alerts you that someone tried to get into your account.
Digital Shadows researchers for their part recommend that businesses monitor for leaked credentials of their employees, keep an eye out for mentions of their company and brand names across cracking forums and educate their staff about the dangers of password reuse.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: “BlueLeaks” Exposes Data of 200 US police Departments and Exposed Online