Experts Insight On New Dark Web Audit Reveals 15 Billion Stolen Logins

A new report has revealed the true extent of stolen account logins to be found circulating on the dark web amongst cybercriminals. The Digital Shadows Photon Research team has spent 18 months auditing criminal forums and marketplaces across the dark web and found that the number of stolen usernames and passwords in circulation has increased by 300% since 2018. There are now more than 15 billion of these stolen credentials, from 100,000 data breaches, available to cybercrime actors. Of this number, some 5 billion are said to be unique, with no repeated credential pairs. The “From Exposure to Takeover” report warns that there’s a “treasure trove of account details” available in cybercrime markets. The 15 billion stolen account logins include credentials, usernames and password pairs, for online banking, social media accounts, and music streaming services. To put it another way, that’s the equivalent of two sets of account logins for every man, woman, and child on the planet.

Will LaSala, Director of Security Services, Security Evangelist ,  OneSpan
July 10, 2020
Hackers have all the information they need to attack billions of users today.
We have been watching the number of stolen credentials rise for over 20 years now, we should not be surprised that we have finally eclipsed the 15 billion credentials number. Concerns are also heightened during a time when many people are still working remotely under lockdown, which presents a field day for hackers of all types, as digital customers are a prime target for cyber-attacks. Now more t ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
July 09, 2020
The current advice on passwords is that if they are all unique and long, then you should try and change them all once a year.
The dark web is notoriously easy to navigate and inexpensive personal information including passwords and bank details can be found in just a few clicks even for the inexperienced. Although it’s sad to think that our personal data will inevitably end up for sale, it is somewhat safer to assume it could which in turn may force users to make changes to their data habits. The current advice on pa ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
July 09, 2020
Enable two-factor authentication wherever possible to prevent unauthorized access even if the attacker has your password.
The report demonstrates why it's important to never reuse passwords across multiple accounts. Given that most of us have dozens of online accounts, it's best to assume at least one has been compromised and the password leaked. Cybercriminals will use that same password and username or email combination to attempt logins on other accounts, an attack known as credential stuffing. Always use unique p ....
[Read More >>]
Chris Hauk, Consumer Privacy Champion,  Pixel Privacy
July 09, 2020
Unique passwords help ensure that bad guys will not be able to access your checking account simply because they have your Hulu password.
Reports like this demonstrate how login details from one data breach can be used to access accounts on other sites and services. This puts added emphasis on my constant recommendation to never use a password on more than one account. Unique passwords help ensure that bad guys will not be able to access your checking account simply because they have your Hulu password. I also strongly suggest user ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article