Billions of usernames have fallen into the hands of hackers who are selling compromised logins on the Dark Web. According to a stark new study from Digital Shadows, more than 24 billion username and password combinations are being sold on cybercrime marketplaces. That staggering number is equivalent to almost four times the world’s population, which means there’s a chance one of your logins has been stolen without you realising it.
The study from the threat intelligence and digital risk protection firm noted a sharp rise in stolen logins.
Compared to figures from 2020, there has been a whopping 65 percent increase in the number of usernames and passwords obtained by bad actors.
Worryingly, despite many warnings advising against it, the research found people are still using easy-to-guess passwords.
The research found that the top 50 most common passwords include obvious choices such as ‘password’, as well as ‘123456’ and ‘qwerty’.
Out of the top 50 most popular passwords, 49 can be cracked in under one second using tools that are easily obtained on the Dark Web.
Speaking about the study’s findings, Chris Morgan, the senior cyber threat intelligence analyst at Digital Shadows, said: “We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control.
“Criminals have an endless list of breached credentials they can try but adding to this problem is weak passwords which means many accounts can be guessed using automated tools in just seconds.”
If you’re worried whether any of your logins are compromised, there are a few things you can do right away to protect yourself.
First, you can head to the Have I Been Pwned website and enter your email address or phone number.
If you have been hit by any security breaches, the Have I Been Pwned website will let you know, showing you exactly which breach you’ve been affected by.
You then know which websites you need to change your login for.
When changing your passwords, make sure you follow good practice to ensure your logins are as difficult to guess as possible.
This includes using passwords that combine lower and uppercase characters, numbers and special characters.
Also make sure you don’t share passwords across different accounts, even though this helps you to remember multiple logins.
You can use a password manager to help you remember all the different logins you’ve chosen.
And where possible, make sure you enable two-factor authentication when it’s offered, as this gives you a crucial extra layer of security.