Wednesday, October 21, 13:51
Home security Passwords face the greatest risk of exposure

Passwords face the greatest risk of exposure

The average person uses 191 services that require a password or other credentials, according to a report by cybersecurity company Digital Shadows. All of these usernames, passwords and other credentials are becoming increasingly vulnerable as criminals increase and refine their "credential-hacking functions," the report said.


There are more than 15 billion stolen credentials on the market - a 300% increase from 2018. The source of these credentials: 100.000 breaches.

Of these 15 billion, 5 billion are unique, meaning they are not the same passwords used in different accounts. Most of these credentials belong to ordinary users. The report emphasizes, as many security experts do, that users they should never use the same password on different accounts.

"The message is simple - users must use different passwords for each account," said Rick Holland, CISO of Digital Shadows.

The businesses and people whose emails are public should also be careful.

How valuable is a password? Although the Criminals of cyberspace offer many credentials for free, those sold cost an average of $ 15,43, the report explained.

See how criminals value your credentials:

  • Access to the organizations' basic systems sells for up to $ 140.000, with an average selling price of $ 3.139.
  • Bank and other financial accounts sell for an average of $ 70,91.
  • Account access for antivirus software costs about $ 21,67.
  • Multimedia streaming accounts, social media, file sharing, virtual private networks (VPNs) and adult content sites sell for less than $ 10.

What drives all this criminal activity? The violation of one account "It has never been easier (or cheaper) for cybercriminals," the report said.

The so-called brute force cracking tools are available on the dark web and sell for an average of $ 4. The attacks Brute Force are generally those where an attacker tries to guess passwords based on common passwords, hoping to guess correctly.

Criminals can also buy Account Takeover (ATO) "as-a-service". Essentially, the criminal rents an ID, often for less than $ 10.

The Sentry MBA is a very popular tool, as is OpenBullet.

The report cited the Verizon Data Breach Report, which reported that more than 80% of hacking-related breaches were committed using the brute-force cracking or by using lost / stolen credentials.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


PCI Pal: 7 out of 10 will not shop from infringing companies

As a new research by PCI Pal showed, consumers seem to be more worried about the shopping they will do in ...

The new Microsoft Edge is now mandatory on Windows 10 20H2

Today's version of Windows 10 20H2 is the first version that automatically replaces Microsoft Edge Legacy with the new Microsoft ...

Windows 10 1909 KB4580386 fixes various issues

Microsoft has released the monthly cumulative update KB4580386 of Windows 10 1909 with quality improvements and corrections to the Microsoft Xbox Game Pass, ...

The Nefilim ransomware gang leaked Luxottica files

The hackers behind Nefilim ransomware have published files on the internet, which seem to belong to the well-known company that manufactures and sells ...

Cisco: Vulnerability CVE-2020-3118 is used in some attacks

Cisco today warned of some attacks that actively target the high-severity vulnerability CVE-2020-3118, which has been found to affect many routers ...

Google: Chrome patch released for zero-day vulnerability fix

Google yesterday released the new version of Chrome 86.0.4240.111, with security updates, to fix a zero-day vulnerability that, according to ...

Microsoft: Said to Shut Down 94% of TrickBot C&C Servers!

Last week, Microsoft-led cybersecurity companies joined forces to crack down on TrickBot, one of ...

Vulnerabilities in MobileIron MDM servers used by hackers

Government hacking teams and other criminals exploit vulnerabilities in MobileIron MDM servers and gain access to corporate networks.

Albion Online: The forum of the popular online game has been violated!

A popular online role-playing game has revealed that its user forum has been breached, exposing email addresses and encrypted passwords ...

Iranian CEO guilty of conspiracy and breach of US sanctions!

The United States has sentenced the CEO of a financial services company to 23 months in prison for allegedly helping Iranian nationals carry out financial ...