To be precise, about 15 billion usernames and passwords are for sale on illegal sites, a number that suggests the huge flow of data from malicious actors.
According to the report "From Exposure to Takeover" from the Digital Shadows Photon Research Team, about 100,000 separate data breaches have taken place over a period of two years. This shows a 300% increase in stolen credentials, which gives hackers a huge variety of credentials that can be used for various illegal activities.
Most of the credentials come from consumers, and while most are sold in forums at an average price of $15.43, many of them are provided free of charge.
As Rick Holland, CISO and Vice President of Strategy at Digital Shadows, said, malicious actors use many different techniques to steal this data, and he adds that it is very easy for them to do so.
"The huge number of stolen credentials is impressive and in the last 1.5 years, we have identified and alerted our customers to some 27 million credentials - which could affect them directly," Holland said.
In addition, the report emphasizes another major problem that continues to exist: users still do not take their security seriously. Their main mistake is that they do not change their passwords often, or they reuse them across multiple services.
Credentials include usernames and passwords for everything from bank accounts to streaming services and antivirus programs.
Unsurprisingly, credentials for bank and other financial accounts are the most expensive to buy and are sold on average for $70.91 per item. Next come credentials for access to antivirus programs, with an average price of $21.67.
Apart from ordinary consumers, however, companies are also at risk. The big "problem with passwords" has plagued the security industry for years. Digital Shadows researchers advise businesses to monitor credentials leaked by their employees, monitor company and trademark references in various forums, and train their staff about the risks of reusing passwords.