A study finds over 24 billion compromised credentials on the black web, some of which are so weak that it would just take a second to crack them.
Credentials Up for Grabs in Marketplaces
According to a recent analysis by risk management and threat intelligence company Digital Shadows, around 24.6 billion login and password combinations are available to cybercriminals in the dark corners of the internet. Since 2020, the amount of hacked credentials available on the dark web has increased by 65%, according to the threat intelligence firm.
Toolbox reported that around 6.7 billion of the compromised credentials had a unique username-and-password combination, which is 1.7 billion higher than 2020. A unique credential indicates that the combination of credentials has not been duplicated in other databases. According to Toolbox, Digital Shadows collected over 10.3 billion compromised credentials online in 2019, and the company predicts that more credentials will continue to be stolen in 2022.
'123456' and 'password' Are Still Popular Passwords
Passwords that are easy to guess are still popular among consumers. The top 50 most frequent passwords, according to Digital Shadows, are extremely easy to guess and merely consist of the word "password" or a string of readily recalled numbers. Of the 6.7 billion unique hacked passwords, "123456" accounts for about one in every 200 or 30,679,190. "Qwerty" and "1q2w3e" are also popular keyboard combinations.
Security Magazine said that of the 50 most commonly used passwords, 49 can be "cracked" in under one second via easy-to-use tools commonly available on criminal forums, which are often free of charge or at minimal cost.
Read More: Zoom Critical Vulnerabilities CVE-2022-22786 and CVE-2022-22784 Required No User Action To Attack
What Are These Passwords Being Exchanged For?
Toolbox mentioned that the majority of these stolen credentials end up on darknet markets, where they're sold for a price that varies depending on the account's age, the buyer's reputation, and the amount of the data file on offer.
The price is also affected by whether the password file is encrypted or in plain text.
Ways to Have Stronger Passwords
Security Magazine reported that adding one special character (such as ? ! @ # or _) to a normal 10-character password increases the time it takes an offline assault to crack the password by about 90 minutes. Adding two special characters is more recommended as cracking these passwords would take about two days and four hours. It is worth noting that criminals will instead target accounts that are easier to hack, making it considerably less likely that a person will be targeted.
As per Security Magazine, citing Digital Shadows, you can do the following steps to ensure that you have strong passwords.
-
Use a password manager so you can make more complex passwords without the need to remember them.
-
If your account provider allows it, use multi-factor authentication (MFA). PINs, facial recognition, fingerprints, or inserting a USB key can be used to validate identification and replace passwords.
-
Use an authentication app. Every 30 seconds, these create a new random six-digit code that a user must enter on the website to which they are attempting to authenticate.
Related Article: Emotet Malware Gang Targets Chrome-based Credit Card Data
