Credential abuse is something that happens only to CEOs or very rich people or employees of fortune 500 companies right? Nope. It’s everywhere, and your compromised passwords and usernames are enabling all kinds of cyber criminals to perform all kinds of account takeover (ATO) attacks. 24,649,096,027 account usernames and passwords have been leaked by cyber-threat actors, as of this year. That’s a big number―one that should shake the cyber security community at its core. But despite this number, which increases exponentially each year, and the deluge of reports highlighting the risk of insecure credentials, you still have a friend or an officemate or boss, who’s carefully typing 123,456 into a password field right now.
The Digital Shadow team collated more than 24 billion leaked credentials from the dark web. That’s a 65 percent increase from 2020, likely caused by an enhanced ability to steal credentials through new ransomwares, dedicated malware and social engineering sites, plus improved credential sharing. Within this leaked usernames and passwords, approximately 6.7 billion credentials had a unique username-and-password pairing, indicating that the credential combination was not duplicated across other databases. This number was 1.7 billion more than found in 2020, highlighting the rate of data breach across completely new credential combinations.
The most common password, 123,456, represented 0.46 percent of the total of the 6.7 billion unique passwords. The top 100 most common passwords represented 2.77 percent of this number. Information-stealing malware and ransomware persists as an important threat to your privacy. Some of these malwares can be bought for as little as $50, and some go for thousands, depending on features.
