Saturday, June 15, 2024

Top 10 most dangerous logins most regularly found for sale online

Over 24 billion usernames and passwords are up for grabs on cyber-criminal marketplaces and the amount of breached credentials is still rising as hackers take advantage of weak and re-used passwords. 

Analysis by cybersecurity researchers at Digital Shadows found that there’s been a 65% increase in usernames and passwords sold, traded or dumped in cyber-criminal forums and underground marketplaces. 

Of the usernames and passwords available across hundreds of underground marketplaces, 6.7 billion were unique – up by a third when compared with previous analysis in 2020 – indicating that many usernames and passwords are being accessed and stolen multiple times, likely without the victim even being aware. 

One reason for this trend is that many accounts use common or weak passwords, which cyber criminals can steal simply by guessing them.

The paper says the most commonly leaked password, found over 30 million times and accounting for 0.46% of all unique passwords, or nearly one in 20 of the total, is ‘123456’, which is one of the simplest passwords around. There were also millions of instances of other simple passwords, including over 17 million cases of ‘123456789’, over 10 million passwords which are ‘qwerty’, 10 million which are ‘12345’, and almost nine million that are simply ‘password’.

The 10 most common passwords found in the data:

  • 123456
  • 123456789
  • Qwerty
  • 12345
  • Password
  • Qwerty123
  • 1q2w3e
  • 12345678
  • 111111

According to the Digital Shadows report, of the 50 most commonly used passwords, 49 can be cracked in under one second via easy-to-use tools commonly available on criminal forums that are often free or for sale for small amounts. That means that if someone is using one of these passwords and they’ve not yet been hacked, it isn’t going to be hard for cyber criminals to do so. 
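A check that a sign-up or password-change form can run to refuse passwords like those listed above, as an added example that is not from the article or the Digital Shadows report. The function names, the 8-character minimum and the US keyboard rows are assumptions; the blocklist holds only the nine entries printed on this page, where a real deployment would load a far larger breached-password list.

```python
from typing import Optional

# The nine entries the article prints, lower-cased (constructed from the page).
BLOCKLIST = {"123456", "123456789", "qwerty", "12345", "password",
             "qwerty123", "1q2w3e", "12345678", "111111"}

# Keyboard rows used to spot "walks" such as qwerty (US layout, an assumption).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

MIN_LENGTH = 8  # assumed policy minimum


def is_run(s: str, alphabet: str, min_len: int = 5) -> bool:
    """True if s is a contiguous slice of alphabet, forwards or backwards."""
    return len(s) >= min_len and (s in alphabet or s[::-1] in alphabet)


def rejection_reason(candidate: str) -> Optional[str]:
    """Return why the password is refused, or None if it passes these checks."""
    # Case-fold first: "Qwerty" and "qwerty" are the same guess to a cracker.
    pw = candidate.strip().lower()
    if pw in BLOCKLIST:
        return "on common-password list"
    if len(pw) < MIN_LENGTH:
        return "too short"
    if len(set(pw)) == 1:
        return "single repeated character"
    if any(is_run(pw, row) for row in KEY_ROWS):
        return "keyboard or digit sequence"
    # A digit suffix on a listed word ("password2024") adds almost nothing.
    stem = pw.rstrip("0123456789")
    if stem and stem != pw:
        if stem in BLOCKLIST or any(is_run(stem, row, 4) for row in KEY_ROWS):
            return "common word plus digit suffix"
    return None


if __name__ == "__main__":
    for sample in ["123456", "Qwerty123", "1234567890", "00000000",
                   "Password2024", "correct horse battery staple"]:
        print(f"{sample!r}: {rejection_reason(sample) or 'accepted'}")
```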


“The top 50 is a mix of what you’d expect: almost all are incredibly weak, easily guessable, and related to something the user could easily remember,” the researchers said.

“We saw strings of easily remembered numbers, like 123456 … and it’s painful to admit that was the most common password. That password actually represented 0.46 percent of our total number of the 6.7 billion unique credentials.” 

The researchers noted that although a big portion of these top passwords were probably used for mundane accounts, like a TV or smart thermostat, they’re also likely to be in wide use across more sensitive accounts.

One of the most common forms of cybersecurity advice is that users should use strong, unique passwords, but with so many common and weak passwords posted on underground marketplaces, it appears that the message isn’t getting through. So why is this? 

Passwords are complicated, and remembering those complex trains of letters and numbers is something we find hard. “We are not programmed that way – our brains don’t work that way – so it is a hard and complex task for us,” Stefano De Blasi, cyber-threat intelligence analyst at Digital Shadows, told ZDNet.

The number of different accounts is also a problem as we’re told it’s good cybersecurity hygiene to use a different password for each of these accounts. But it’s difficult to remember many different passwords, so many people choose convenience over security – and use the same passwords repeatedly.  

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
