Experts Insight On New Dark Web Audit Reveals 15 Billion Stolen Logins

A new report has revealed the true extent of stolen account logins circulating on the dark web amongst cybercriminals. The Digital Shadows Photon Research team has spent 18 months auditing criminal forums and marketplaces across the dark web and found that the number of stolen usernames and passwords in circulation has increased by 300% since 2018. There are now more than 15 billion of these stolen credentials, from 100,000 data breaches, available to cybercrime actors. Of this number, some 5 billion are said to be unique, with no repeated credential pairs. The “From Exposure to Takeover” report warns that there’s a “treasure trove of account details” available in cybercrime markets. The 15 billion stolen account logins include credentials (username and password pairs) for online banking, social media accounts, and music streaming services. To put it another way, that’s the equivalent of two sets of account logins for every man, woman, and child on the planet.

Experts Comments

July 10, 2020
Will LaSala
Director of Security Services, Security Evangelist
OneSpan
We have been watching the number of stolen credentials rise for over 20 years now, we should not be surprised that we have finally eclipsed the 15 billion credentials number. Concerns are also heightened during a time when many people are still working remotely under lockdown, which presents a field day for hackers of all types, as digital customers are a prime target for cyber-attacks. Now more than ever, users should understand that using a single form of authentication such as a password or SMS text or a knowledge-based question and answer, is open to compromise. The web and mobile applications as well as the platforms they run on have numerous holes and backdoors which allow hackers to easily attack using these credentials. Technologies such as multi-factor authentication can help protect the stolen credentials, while technologies such as application shielding can help protect the applications from being attacked. These technologies help strengthen security on the consumer side, but banks can help protect their customers as well by ensuring their risk analytics technologies are up to date and are checking real-time transactions across all applications and channels, looking for anomalies and patterns that are the hallmark of an attack. Hackers have all the information they need to attack billions of users today, but consumers and financial institutions can make things more difficult if the correct technologies are applied.
July 09, 2020
Jake Moore
Cybersecurity Specialist
ESET
The dark web is notoriously easy to navigate and inexpensive personal information including passwords and bank details can be found in just a few clicks even for the inexperienced. Although it’s sad to think that our personal data will inevitably end up for sale, it is somewhat safer to assume it could which in turn may force users to make changes to their data habits. The current advice on passwords is that if they are all unique and long, then you should try and change them all once a year. If you are using a password manager this can be a rather simple task which helps you stay in control of your accounts and stay more secure. If passwords are convenient to the user, they are usually even more convenient to a hacker. Making changes to your financial details isn’t so straightforward to edit so it is worth checking your banking apps daily to monitor for any unusual activity.
July 09, 2020
Paul Bischoff
Privacy Advocate
Comparitech
The report demonstrates why it's important to never reuse passwords across multiple accounts. Given that most of us have dozens of online accounts, it's best to assume at least one has been compromised and the password leaked. Cybercriminals will use that same password and username or email combination to attempt logins on other accounts, an attack known as credential stuffing. Always use unique passwords for each account and use a password manager if you have trouble memorizing them all. Check Have I Been Pwned to see if your email was included in any known data breaches, and be sure to change passwords on those accounts. Enable two-factor authentication wherever possible to prevent unauthorized access even if the attacker has your password.
July 09, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Reports like this demonstrate how login details from one data breach can be used to access accounts on other sites and services. This puts added emphasis on my constant recommendation to never use a password on more than one account. Unique passwords help ensure that bad guys will not be able to access your checking account simply because they have your Hulu password. I also strongly suggest users implement two-factor authentication (2FA) for their accounts whenever it is available. The added requirement of an extra piece of information (such as codes sent via text or email or that are generated by a second app or security fob) or a biometric identification such as a fingerprint or facial identification. Both of these add an additional and important layer of protection for accounts.
