There’s no easier technique to hack somebody’s account than to enter their username and password. In reality, risk actors routinely leak customers’ login credentials on the darkish internet, the place they are often bought by cybercriminals and fraudsters to commit additional crimes.
According to analysis launched right this moment by Cybercrime Analytics (C2A) supplier SpyCloud, researchers found 721.5 million uncovered credentials on-line in 2022. Many of those credentials have been harvested from third-party enterprise functions uncovered to malware.
To make issues worse, researchers additionally discovered that 72% of customers whose credentials have been uncovered in final 12 months’s breaches have been discovered to be nonetheless utilizing already-compromised passwords.
Passwords: The quickest path to enterprise information
For safety leaders, this analysis highlights that password safety — and making certain that workers aren’t reusing compromised credentials — are important for mitigating dangers to information property. Failure at this may end up in important publicity to account takeover makes an attempt.
“Cybercriminals can use exposed credentials to gain illegitimate access to enterprise networks under the guise of employee and consumer accounts, opening the door for more cyberattacks such as the distribution of ransomware and malware, additional data theft, and synthetic identity creation,” stated Trevor Hilligoss, director of safety analysis at SpyCloud.
“If the credentials were freshly stolen via malware and remain active, they pose a long-term threat to corporations as criminals can use the same credentials to access accounts until the issue is identified and addressed,” Hilligoss stated.
With such a excessive quantity of uncovered login credentials obtainable on-line, it’s essential to remind workers to pick sturdy passwords, periodically change them (notably in the event that they consider they’ve been uncovered on-line), and use a password administration answer to assist keep away from reuse of credentials throughout a number of on-line accounts and companies.
VentureBeat’s mission is to be a digital city sq. for technical decision-makers to realize information about transformative enterprise expertise and transact. Discover our Briefings.