Analysis by cybersecurity researchers at Digital Shadows found that there’s been a 65% increase in usernames and passwords sold, traded or dumped in cyber-criminal forums and underground marketplaces.
Of the usernames and passwords available across hundreds of underground marketplaces, 6.7 billion were unique – up by a third when compared with previous analysis in 2020 – indicating that many usernames and passwords are being accessed and stolen multiple times, likely without the victim even being aware.
One reason for this trend is that many accounts use common or weak passwords, which cyber criminals can steal simply by guessing them.
The paper says the most commonly leaked password, found over 30 million times – and accounting for 0.46% of all unique passwords, or nearly one in 20 of the total – is ‘123456’, which is one of the simplest passwords around. There were also millions of instances of other simple passwords, including over 17 million cases of ‘123456789’, over 10 million of ‘qwerty’, 10 million of ‘12345’, and almost nine million that are simply ‘password’.
According to the Digital Shadows report, of the 50 most commonly used passwords, 49 can be cracked in under one second with easy-to-use tools that are commonly available on criminal forums, often free or sold for small amounts. That means that if someone is using one of these passwords and hasn’t yet been hacked, it isn’t going to be hard for cyber criminals to do so.
“The top 50 is a mix of what you’d expect: almost all are incredibly weak, easily guessable, and related to something the user could easily remember,” the researchers said.
“We saw strings of easily remembered numbers, like 123456 … and it’s painful to admit that was the most common password. That password actually represented 0.46 percent of our total number of the 6.7 billion unique credentials.”
The researchers noted that although a big portion of these top passwords were probably used for mundane accounts, like a TV or smart thermostat, they’re also likely to be in wide use across more sensitive accounts.
One of the most common forms of cybersecurity advice is that users should use strong, unique passwords, but with so many common and weak passwords posted on underground marketplaces, it appears that the message isn’t getting through. So why is this?
Passwords are complicated, and remembering those complex trains of letters and numbers is something we find hard. “We are not programmed that way – our brains don’t work that way – so it is a hard and complex task for us,” Stefano De Blasi, cyber-threat intelligence analyst at Digital Shadows, told ZDNet.
The number of different accounts is also a problem as we’re told it’s good cybersecurity hygiene to use a different password for each of these accounts. But it’s difficult to remember many different passwords, so many people choose convenience over security – and use the same passwords repeatedly.
This post was last modified on 19 June 2022 3:58 PM