Compromised credentials and personally identifiable information (PII) are among the data most often stolen and used by cybercriminals.
A team of cybersecurity experts carried out a large study. During the research they recovered an astonishing 3,457,017,136 exposed sets of online account credentials and PII from 2,882 different sources. The numbers are not the only big finding: many of these records came from high-profile data breaches that led to credentials going up for sale on dark web forums and marketplaces.
Even if the first two discoveries were big, the third was by far the most dangerous and threatening: of the 3.5 billion exposed records, 2.6 billion included a password.
Security failures of this kind happen because at least 24 percent of users recycled a password, with an overwhelming 90 percent of that segment reusing an exact match in spelling, capitalization, special symbols, and arrangement.
Just 7 percent of those users simply added one or two numbers onto the end of their preferred, recycled password. If you follow this practice, you have a poor password that only makes it easier for criminals to carry out an account takeover, for example.
Remember, everything can be hacked. To stay away from threats in the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
For those who don’t know, account takeover facilitated by weak or stolen passwords is still one of the leading causes of fraud today. It is one of the most frequent types of attack because cybercriminals understand how incredibly easy and effective it is to compromise online accounts at scale using software tools freely available for download.
Of all the gathered passwords, 87 percent were recovered from encrypted password hashes. Of those passwords, 25 percent used MD5, 22 percent used bcrypt, 17 percent used SHA1, 10 percent used Snefru-256 and 6 percent used SHA512.
Among the unencrypted passwords, the most popular was “123456” (used by more than 39 million users); “password” comes in second, being the choice for more than 7 million accounts. The other passwords were based on popular sports and teams, country names and large cities.
Interestingly, “anhyeuem” (Vietnamese for “I love you”) is also among the top 15 most common plaintext passwords.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.