There’s no easier solution to hack somebody’s account than to enter their username and password. In reality, risk actors routinely leak customers’ login credentials on the darkish internet, the place they are often bought by cybercriminals and fraudsters to commit additional crimes.
According to analysis launched immediately by Cybercrime Analytics (C2A) supplier SpyCloud, researchers found 721.5 million uncovered credentials on-line in 2022. Many of those credentials had been harvested from third-party enterprise purposes uncovered to malware.
To make issues worse, researchers additionally discovered that 72% of customers whose credentials had been uncovered in final yr’s breaches had been discovered to be nonetheless utilizing already-compromised passwords.
Passwords: The quickest path to enterprise knowledge
For safety leaders, this analysis highlights that password safety — and guaranteeing that workers aren’t reusing compromised credentials — are important for mitigating dangers to knowledge property. Failure at this can lead to important publicity to account takeover makes an attempt.
“Cybercriminals can use uncovered credentials to achieve illegitimate entry to enterprise networks beneath the guise of worker and client accounts, opening the door for extra cyberattacks such because the distribution of ransomware and malware, extra knowledge theft, and artificial id creation,” mentioned Trevor Hilligoss, director of safety analysis at SpyCloud.
“If the credentials had been freshly stolen through malware and stay energetic, they pose a long-term risk to firms as criminals can use the identical credentials to entry accounts till the problem is recognized and addressed,” Hilligoss mentioned.
With such a excessive quantity of uncovered login credentials obtainable on-line, it’s necessary to remind workers to pick sturdy passwords, periodically change them (significantly in the event that they imagine they’ve been uncovered on-line), and use a password administration resolution to assist keep away from reuse of credentials throughout a number of on-line accounts and companies.
VentureBeat’s mission is to be a digital city sq. for technical decision-makers to achieve information about transformative enterprise expertise and transact. Discover our Briefings.
