In its report, the security company Digital Shadows makes an instructive observation: its researchers have found billions upon billions of stolen username and password combinations available on the Internet or on the dark web. A dizzying figure.
This is the kind of number that makes your head spin. In its account-takeover report, security firm Digital Shadows reveals that its researchers found 24,649,096,027 username/password combinations (yes, over 24 billion) offered for sale by cybercriminals on forums or marketplaces on the open internet… or on the dark web.
There are clearly duplicates among these 24 billion-plus passwords: some criminals specialize in reselling "packs" of old leaks. Even so, there is a good chance that at least one of your passwords, perhaps even a recent one, has been caught up in this gigantic trade in personal data, because Digital Shadows also reports 6.7 billion unique username/password combinations, pairs that do not simply repeat earlier leaks.
Perhaps even more worrying is that the numbers are skyrocketing. Digital Shadows explains that the number of stolen passwords has increased by 65% since its previous study, which dates from 2020, and that 1.7 billion unique combinations have been added, a 34% increase.
A problem that grows every year
Digital Shadows' researchers are disheartened by user habits as well: the report indicates that weak passwords are still plentiful, which greatly facilitates the work of attackers. For example, they found no fewer than 30 million occurrences of the world's worst password, "123456"!
[Image: The most common passwords… are not very surprising. Photo: Digital Shadows]
This is all the more problematic because stealing and using your passwords has never been easier: phishing emails, ready-to-use kits that infect thousands of PCs, or corrupted smartphone apps. Attackers have sophisticated tools that are easy to use and constantly updated, allowing them not only to siphon off your passwords but also to trade them, buying and selling them, and then quickly test them against thousands of popular websites (a technique known as credential stuffing, which works precisely because so many people reuse the same password on several sites). A real cybercrime industry that can cost you dearly if you're not careful.
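The "test them against thousands of websites" step leaves a characteristic trace in a site's login logs: one source address trying many different usernames in a short window, with the occasional success. As an added illustration, not code from the article or from Digital Shadows, here is a small Python detector run over constructed sample log lines; the log format, the 300-second window and the five-username threshold are assumptions made for the example, not values the report gives.

```python
"""Credential-stuffing detector over constructed login-log lines.

Added example (not from the article or Digital Shadows). Log format, window
and threshold are assumptions: each line is
    <ISO-8601 timestamp> <source IP> <username> <OK|FAIL>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: 203.0.113.7 sprays six different usernames in five
# seconds and gets one hit (dave); 198.51.100.9 is one user retyping their
# own password, which must not be flagged.
SAMPLE_LOG = """\
2022-06-15T10:00:01Z 203.0.113.7 alice@example.com FAIL
2022-06-15T10:00:02Z 203.0.113.7 bob@example.com FAIL
2022-06-15T10:00:02Z 203.0.113.7 carol@example.com FAIL
2022-06-15T10:00:03Z 203.0.113.7 dave@example.com OK
2022-06-15T10:00:04Z 203.0.113.7 erin@example.com FAIL
2022-06-15T10:00:05Z 203.0.113.7 frank@example.com FAIL
2022-06-15T10:05:00Z 198.51.100.9 grace@example.com FAIL
2022-06-15T10:05:20Z 198.51.100.9 grace@example.com FAIL
2022-06-15T10:05:40Z 198.51.100.9 grace@example.com OK
"""

WINDOW_SECONDS = 300       # assumed sliding window
MIN_DISTINCT_USERS = 5     # assumed threshold: distinct usernames per IP per window


def parse_line(line):
    """Split one log line into (timestamp, ip, username, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def find_stuffing(log_text, window=WINDOW_SECONDS, min_users=MIN_DISTINCT_USERS):
    """Return {ip: {"distinct_users": n, "compromised": [users]}} for every
    source IP that tried at least `min_users` distinct usernames within any
    `window`-second span. "compromised" lists usernames that logged in
    successfully inside such a span: those accounts need a password reset.
    """
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse_line(line)
            per_ip[ip].append((ts, user, result))

    alerts = {}
    for ip, attempts in per_ip.items():
        attempts.sort()
        start = 0
        peak = 0
        compromised = set()
        for i, (ts, _, _) in enumerate(attempts):
            # Advance the window start until it lies within `window` seconds of ts.
            while (ts - attempts[start][0]).total_seconds() > window:
                start += 1
            span = attempts[start:i + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_users:
                peak = max(peak, len(users))
                compromised.update(u for _, u, r in span if r == "OK")
        if peak:
            alerts[ip] = {"distinct_users": peak, "compromised": sorted(compromised)}
    return alerts


if __name__ == "__main__":
    for ip, info in find_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_users']} usernames tried, "
              f"successful logins: {info['compromised'] or 'none'}")
```

On the sample, only 203.0.113.7 is flagged (six usernames in five seconds, one successful login for dave@example.com); grace's three attempts from 198.51.100.9 are a single user and stay below the threshold. In production the same logic would key on more than the source IP, since stuffing tools rotate through proxies, and the "compromised" list is the actionable output: force a reset and a second-factor enrolment for those accounts.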
So, we can never repeat it enough: use strong, unique passwords, as we explained in a recent article. But this may not be enough, for example in the case of phishing, where the victim hands over a perfectly strong password. This is why it is necessary to enable two-factor authentication wherever possible, even if it is a bit of a constraint in everyday life. Another handy reminder: you can go to the excellent Have I Been Pwned site and enter your email addresses to see whether they appear in a set of usernames and passwords leaked online.
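Have I Been Pwned also offers a Pwned Passwords lookup that a developer or administrator can call without ever sending the password itself: the client hashes the password with SHA-1 and submits only the first five hex characters to the range endpoint, then looks for the remaining 35 characters in the list that comes back (k-anonymity). The following Python is an added example, not code from the article or from Have I Been Pwned; it assumes the public endpoint https://api.pwnedpasswords.com/range/<prefix> and its "SUFFIX:COUNT" line format, and the sample response and its counts are constructed so that the logic runs offline.

```python
"""Pwned Passwords k-anonymity check.

Added example, not code from the article or from Have I Been Pwned.
Assumptions: the public endpoint https://api.pwnedpasswords.com/range/<5 hex>
and its response format, one "HASH_SUFFIX:COUNT" line per known hash.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed sample response for prefix 7C4A8 (the prefix of SHA-1("123456")).
# The other suffixes and all counts are made up for the example.
SAMPLE_RANGE_RESPONSE = """\
D09CA3762AF61E59520943DC26494F8941B:1234567
0000A1B2C3D4E5F60718293A4B5C6D7E8F9:2
FFFF0123456789ABCDEF0123456789ABCDE:0
"""


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, the form the API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """(prefix sent to the server, suffix that never leaves the client)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}. Zero-count lines are
    padding (returned when the client asks for it) and are dropped."""
    counts = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        suffix, count = line.strip().split(":", 1)
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def fetch_range(prefix):
    """Fetch the real range for a 5-hex-char prefix (network access required)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """Number of times the password appears in the breach corpus (0 = not
    found). `fetch` is injectable so the logic can be tested offline."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    import getpass
    n = pwned_count(getpass.getpass("Password to check: "))
    print(f"seen {n} times in known breaches" if n else "not found in known breaches")
```

The server only ever sees a five-character prefix shared by hundreds of hashes, so it cannot tell which password was checked; the comparison against the suffix happens locally. A non-zero count means the password is in circulation on the criminal markets the article describes and should be retired even if the account it protects has not been breached, since it is exactly the kind of value a credential-stuffing tool will try.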
However, we can hope that in a few years these massive thefts will be ancient history, because the digital giants are finally getting better at protecting us and moving away from passwords. Google, Apple and Microsoft have agreed to support FIDO's multi-device credentials (passkeys). These replace passwords with cryptographic key pairs: the private key never leaves the user's device, and the credential is bound to the website's origin, so a phishing site cannot trick the user into producing a valid login for the real one. That will greatly complicate the life of cybercriminals. It's time.