Posted on June 20, 2022 at 1:29 PM
Security researchers have warned that hackers have stolen billions of passwords from users. The hackers are now selling the compromised login details on the Dark Web. A recent study from Digital Shadows revealed that over 24 billion username and password combinations have been made available on the dark net.
This massive number is nearly four times the population of the world. This means that there is a high possibility that many people could have one of their passwords exposed without realizing it.
Number Of Compromised Credentials Rises Massively
The study also revealed that there is a massive increase in the number of stolen login details. When compared to the figures in 2020, there has been an enormous 65% surge in the number of usernames and passwords stolen by threat actors and available on the dark net.
Disturbingly, despite several warnings from cybersecurity experts advising against using easy-to-guess passwords, the researchers discovered that many people are still using passwords that make the attacker’s job easier.
The researchers also discovered in their study that ‘qwerty’, ‘123456’, and the obvious ‘password’ login are among the top 50 most common passwords. Out of the top 50, only one is a bit more difficult to crack, while 49 of them can be exposed within a second using tools easily available on the Dark Web.
Senior cyber threat intelligence analyst at Digital Shadows, Chris Morgan, spoke about the worrying scenario. “We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control,” he stated.
The Cracking Tools Are Very Affordable For The Threat Actors
Morgan added that threat actors now have in their possession an infinite list of compromised credentials they can use to exploit systems. But this problem has been complicated by the wide use of weak passwords. As a result, the hackers can use simple tools on the Dark Web to guess most of these passwords within seconds.
The attack is rampant because some of these tools are cheap to buy from the Dark Net, with some going for as little as $50. Digital Shadows noted that it has alerted its clients about over 6 million compromised credentials in the last 18 months.
The risk of account seizure has become more rampant in recent months after the emergence of the Lapsus$ threat group.
Users Can Use ‘Have I Been Pwned’ To Verify Their Account Safety
The security researchers have asked users to check whether their passwords have been exposed. There are several ways users can verify whether their account details are still safe and not compromised. One of them is to use the “Have I Been Pwned” website and enter their Any user that has had their details exposed on the Dark Web will be informed by the website.
It will also provide more information regarding the nature of the breach. The website gathers login details from several platforms across the internet. Most of these usernames and passwords have been exposed on the Dark Web by threat actors from several hacking incidents.
Once the user discovers that their details have been exposed, they are advised to quickly change their passwords to avoid falling victim to phishing attacks in the future. But they should make sure that they follow good practice to make their login details very difficult to decipher by any hacking tool.
A typical strong password will include numbers, symbols, special characters, and a combination of uppercase and lowercase characters.
Users Urged To Use 2-Factor Authentication
Another security measure is for users to ensure they do not share passwords across different accounts. Once a password has been compromised, any other account sharing the same password becomes automatically exposed. This means that a threat actor can use the same password to access another account, stealing sensitive information in the process.
As a result, users have been advised to use a unique password for each account they maintain online. This may prove very cumbersome, especially for those maintaining accounts. But a password manager is always available to enable the user to remember all their passwords at different logins.