By now, we're all aware that the Dark Web is full of stolen passwords, but new data revealing how many are actually floating around there should be a wake-up call.
Over the course of two and a half years, researchers at Digital Shadows have been investigating how cybercriminals go about taking over online accounts to sell access to them. As it turns out, it's never been easier for them.
Billions and billions of passwords
According to the recently published findings, there are more than 15 billion credentials in circulation on the Dark Web, up by 300% since 2018 and coming from 100,000+ discrete breaches.
The bulk of these credentials belong to consumer accounts, some of which are just given away for free. The fact that these breached accounts are shared so frequently indicates that the users they belong to are not even aware that they've been hacked; otherwise, they would have already changed their passwords.
Out of all those billions of usernames and passwords floating around on the Dark Web, only 5 billion were found to be "unique," with no repeated credential pairs. In other words, only 5 billion of those passwords weren't reused across multiple accounts.
These unique accounts with passwords that can't easily be guessed are where the money's at. Bank login credentials were found to sell for the highest value, at an average price of $70.91, while credentials for antivirus software accounts came in second at $21.67.
The password problem
All these account takeovers are only possible thanks to a handful of bad password habits that a lot of people out there just can't seem to kick.
Setting weak passwords for accounts and reusing the same password across multiple accounts make it easy for a cybercriminal to figure out these passwords via brute force or credential stuffing attacks.
In some cases, the passwords people used could have already been strong and unique, but got compromised in a data breach and were never changed afterwards.
The password solution
The best and easiest way to ensure that you're practicing good password hygiene is by using a password manager.
The MYKI password manager and authenticator allows you to generate strong and unique passwords for each of your online accounts and securely store them on your own devices. You can also use MYKI's free Was I Hacked? tool to check if any of your accounts have been compromised in any data breaches and give them new passwords.
Download the MYKI app on mobile or desktop today and start taking control of your digital identity.