Millions of credentials have just come out on the Dark Web. Are your passwords leaking?
Databases totaling over 773 MILLION unique email addresses and passwords—stored in 12 THOUSAND separate files—recently popped up on the Dark Web on an underground hacking forum. This volume of data has caused many cybersecurity experts grave concern that many business and personal accounts may soon be compromised.
In further examining this data, several cyber forensic researchers identified nearly 1.16 Billion unique email and password combinations. And upon further data scrubbing, experts believe the total number of accounts was close to 773 Million—the single largest collection of credentials to ever have been exposed on the Dark Web.
Security experts want to underscore that a huge chunk of those passwords are completely accessible—meaning that even inexperienced criminals without the technical acumen to decipher, decrypt or manipulate data could easily take many of these passwords. There are 21 Million full passwords ready for criminals to plug and play. Experts warn that hackers are trying these passwords and derivatives of them to easily crack into business accounts.
What this major data dump reveals is that data breaches are the new normal in the Digital Age.
Thousands of breaches. This data represents many thousands of compromises of databases. While some of the breaches that contributed to this data dump are thought to go back nearly a decade, many are suspected to be relatively recent.
This might be good news to those of you who change your passwords regularly, but a wake-up call to those of you who don’t. Passwords today are not those of 5 or 10 years ago. The easiest way to fight password hacking in 2019 is to change your passwords consistently.
Hackers are attacking passwords with brute force—they try every single character combination to figure out your user passwords. If you leave your password unchanged over the course of months and someone really wants to get onto your business network, they’ll most likely be able to.
Even more frequent: hackers are sidestepping brute force attacks in favor of quicker word association techniques. They scrape every piece of information they can find on you—birth dates, home town, etc.—and use those words and numbers to figure out pieces of your passwords. If your users are reusing passwords for multiple accounts, don’t doubt for a second that hackers will try to reuse already compromised password strings and derivatives to crack business accounts.
The bottom line: your users are likely not changing their passwords and at this point they might be putting your organization at risk of a major data breach or cyberattack. Experts strongly recommend getting a network security assessment to evaluate user passwords and determine who will need to change security habits on your network.
The Threat To Your Organization Is In Plain Sight
Whether from that huge Equifax attack a few years back or the hundreds of major breaches that likely touched someone in your organization over the past 12 months, criminals have their sticky fingers on a TON of passwords and credentials. Don’t think they aren’t targeting organizations like yours, armed with data from LinkedIn, Facebook and other social media platforms and with specific user names to work from.
Massive data breaches in the past year have often been overlooked amid bigger news stories like the city of Atlanta falling to a ransomware attack—or hospitals completely shut down because hackers were able to relatively easily penetrate their network security.
But what many organizations don’t realize is how vulnerable they are—and one key component might be how secure their user passwords are.
My advice to you: get a network health check!
Network security assessments are probably the easiest way to identify where your risks lie. [Note: we offer a free assessment simply because I hate cleaning up cyber messes from organizations that fail to understand their risks and the consequences of poorly managed network security].
Network health checks should include an evaluation of your users: how active they are on your network, when they last logged in and when they last changed their password.
On average, nearly 40% of users NEVER change passwords or use passwords that they use for other less important accounts, such as Facebook and LinkedIn—2 huge organizations that have succumbed to major credential breaches over the last couple of years.
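The user evaluation described above can be run over an account export from your directory. The script below is an added example, not part of the original article: the CSV column names, the sample rows and the 90-day thresholds are all assumptions chosen for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column names are assumptions, not a real tool's format.
SAMPLE_EXPORT = """username,enabled,created,last_logon,password_last_set
alice,true,2016-03-01,2019-01-20,2018-12-15
bob,true,2015-06-10,2019-01-18,2015-06-10
carol,true,2017-09-05,2018-04-02,2018-03-30
dave,true,2018-11-01,,2018-11-01
erin,false,2014-02-11,2016-07-19,2014-02-11
"""

def _parse_date(value):
    """Return a datetime for YYYY-MM-DD, or None for an empty field."""
    value = value.strip()
    return datetime.strptime(value, "%Y-%m-%d") if value else None

def audit_accounts(csv_text, now, max_password_age_days=90, max_idle_days=90):
    """Return {username: [findings]} for enabled accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot log in; review them separately
        created = _parse_date(row["created"])
        last_logon = _parse_date(row["last_logon"])
        pw_set = _parse_date(row["password_last_set"])
        issues = []
        # A password set at (or before) creation time was never changed by the user.
        if pw_set is None or (created is not None and pw_set <= created):
            issues.append("password never changed since account creation")
        elif now - pw_set > timedelta(days=max_password_age_days):
            issues.append(f"password older than {max_password_age_days} days")
        if last_logon is None:
            issues.append("never logged in")
        elif now - last_logon > timedelta(days=max_idle_days):
            issues.append(f"no logon in over {max_idle_days} days")
        if issues:
            findings[row["username"]] = issues
    return findings

if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, now=datetime(2019, 2, 1))
    for user, issues in sorted(report.items()):
        print(f"{user}: {'; '.join(issues)}")
```

Enabled accounts that are idle or have never been used are worth disabling as well as flagging, since a leaked password for an account nobody watches is the least likely to be noticed.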
If you’re not convinced that you have a problem, let me leave you with one last thought:
When Your Organization Is Shut down By Ransomware Through No Fault Of Your Own, Will They Call You Stupid…Or Just Irresponsible?
It’s EXTREMELY unfair, isn’t it? Victims of other crimes – burglary, mugging, carjacking, theft – get sympathy from others. They are called “victims” and support comes flooding in.
If Your Office Is Attacked, You Will Not Get Such Sympathy. You Will Be Investigated and Questioned about what you did to prevent this.
A network security assessment will help you identify where hackers will eventually find their way onto your network and how to proactively remediate serious cyber risks before they become attacks.