WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Friday, March 29, 2024 
Add Press Release News | News Feeds Feeds | Email This News Email


SpyCloud 2020 Credential Exposure Report: Over 9 Billion Email and Password Combos Recovered from Cybercriminals
Wednesday, February 19, 2020

Weak passwords, unsecured servers and sophisticated cybercrime tools help criminals nearly triple data resources used for account takeover and fraud

AUSTIN, Texas, Feb. 11, 2020 /PRNewswire/ -- SpyCloud, the leader in account takeover (ATO) prevention, today released its 2020 Credential Exposure Report, which tallies the extent of personal data stolen in the last year, identifies individual and organizational security trends that lead to breaches, and tracks the evolution of cybercriminal tactics.

The 9,050,064,764 credentials SpyCloud recovered throughout 2019 came from a total of 640 unique data breaches and include email addresses connected to plaintext passwords and usernames with plaintext passwords. That means, on average, each of these data breaches gave criminals more than 14 million sets of login credentials. Because people often reuse passwords across several accounts, both personal and for work, each set of login credentials could be used to access dozens or more accounts through which cybercriminals can perpetrate fraud.

"As the world celebrates Safer Internet Day, we want to remind every internet user that monitoring your online credentials for exposure, never reusing passwords, and opting in for multi-factor authentication are the best ways to protect yourself from cybercrime," said Ted Ross, CEO and co-founder of SpyCloud.

The SpyCloud research team identified that almost a third of internet users affected by data breaches last year had reused a password in some form. 94% of those who recycled passwords reused the exact same password, while the other 6% made minor changes such as capitalizing the first letter or adding numbers to the end of their typical password. These tactics are easily defeated by sophisticated crimeware tools, which test for common, slight variations.

In terms of organizational security, SpyCloud researchers noted a worrying trend: more of the data criminals are sharing and selling came from breaches of misconfigured or unsecured servers. Organizations may also be taking incomplete steps to protect passwords. The researchers found that more than half (53.7%) of the plaintext passwords recovered were originally protected using the outdated hashing algorithms SHA-1 and MD5. Security professionals have recommended against using SHA-1 since about 2005, and against using MD5 since as far back as 1996, because cybercriminals can easily and quickly crack passwords hashed with these functions and recover plaintext passwords.

"Our data shows that consumers are still not changing their poor password habits, yet we know they're holding organizations accountable for their security," said David Endler, co-founder and chief product officer for SpyCloud. "Criminals are still using passwords they stole in 2012 to attack and take over accounts today. Companies need to guide users to set better passwords at the time of account creation and help users maintain strong, uncompromised passwords whenever their credentials are exposed in a breach anywhere in the world."

Despite the problem of password fatigue and reuse coming into clearer focus over the past few years, little has changed in the world's most popular passwords. Among the more than 9 billion SpyCloud collected last year, the top three are "123456," "123456789," and "qwerty," and are being used to protect some 125 million accounts. It is increasingly up to organizations to comply with NIST's password guidelines (NIST Special Publication 800-63B), which recommend checking user passwords for those that have been exposed in previous breach corpuses, as well as commonly used or easy-to-guess passwords.

To read the full report on all the personally identifiable information exposed on the cybercriminal underground last year, visit the SpyCloud blog. SpyCloud's full report also includes information on the cybercriminal tactics, techniques and procedures that lead to data breaches, and an interactive map showing the most commonly used passwords by country.

See your real-time breach exposure details for free, powered by SpyCloud data, at spycloud.com.

About SpyCloud
SpyCloud is the leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations. Our award-winning solutions proactively defeat fraud attempts and disrupt the criminals' ability to profit from stolen information. Learn more and check your exposure at spycloud.com.

View original content to download multimedia:http://www.prnewswire.com/news-releases/spycloud-2020-credential-exposure-report-over-9-billion-email-and-password-combos-recovered-from-cybercriminals-301002489.html

SOURCE SpyCloud



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav El Cajon, CA: Deep Cycle Battery San Diego Partners with 5th Gear Marketing for Enhanced Digital Presence | Mar 27, 2024
Nav Network Services Market Top 10 Growth Opportunities in 2024 - Self-healing, AI, and ML Components Drive SD-WAN Growth | Mar 27, 2024
Nav New Solution from ControlUp Slashes Organizational Risk while Boosting Compliance and Productivity | Mar 27, 2024
Nav AV-Comparatives: Celebrating 20 Years of Excellence in Cybersecurity Testing | Mar 27, 2024
Nav Sandfly Security Secures Funding from Gula Tech Adventures & Sorenson Capital for its First-of-a-Kind Agentless Linux Security Solution | Mar 27, 2024
Nav ReasonLabs Enhances Industry-Leading Consumer DNS Filtering Product Safer Web | Mar 27, 2024
Nav SlashNext Wins Gold for Best Email Security and Management at 2024 GlobeeĀ® Awards | Mar 27, 2024
Nav Lumen Disrupts Cybercriminals Targeting Home and Office Routers | Mar 27, 2024
Nav Simplilearn Bags Two Awards at the EC-Council Global Award for the Sixth Time | Mar 27, 2024
Nav Asia Pacific Gift Card and Incentive Card Intelligence Report 2024: Market to Grow by 8.3% to Reach $235.7 Billion in 2024, Driven by Entry of New Players Across the Region | Mar 27, 2024
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News