24 billion Account Credentials Stolen by Cybercriminals
How secure do you think your passwords are? If you think your account credentials are impenetrable, think again.
As of 2022, more than 24 billion account usernames and passwords have been exposed by cyberthreat malicious actors, according to a recent report by Digital Shadows. The report is almost a carbon copy of their research on account takeover (ATO) attacks in 2020, which showed the scale of credentials available on cybercriminal locations like the dark web, and just how easy it is for crooks to steal, exploit and sell access to stolen accounts.
The 24 billion – 24,649,096,027, to be precise – compromised credentials represent a 65 percent increase from 2020. The report says this is likely fueled by an enhanced ability to steal credentials through dedicated malware and social engineering, plus improved credential sharing.
Information-stealing malware persists as a significant threat to credentials. Some of these tools can be bought for as little as $50, and some go for thousands of dollars, depending on functionality.
Of course, you can help protect your credentials and your organization by maintaining a policy of strong passwords. The most common password – 123456 – represented 0.46 percent of the total 6.7 billion unique credentials. The top 100 most common passwords represented 2.77 percent of this figure.
Offline attacks usually produce the best results for cracking passwords – 49 of the top 50 most used passwords could be cracked in less than a second. Adding a special character to a basic ten-character password adds about 90 minutes to that time. Adding two special characters boosts the offline cracking time to around two days and four hours.
For expert cybersecurity advice, partner with 2W Tech. We are a technology services provider who specializes in solutions for the manufacturing industry. Call 2W Tech today to strengthen your cybersecurity posture.
Connecticut Becomes Fifth State to Enact Privacy Laws