Cybercriminals Can Steal Cash, Assets Using 24-B Passwords
Updated: Jun 18, 2022
Experts are concerned that the more than 24 billion usernames and passwords exposed on the internet, the equivalent of nearly four for every person on the planet, will be cracked by cybercriminals and used to siphon off cash and other assets, according to Jamie Harris of the US Sun.
Photo Insert: 49 of the 50 most commonly used passwords can be cracked in under a second using simple tools commonly found on criminal forums.
Despite repeated warnings, a startling number of them use passwords that are extremely easy to guess. The sensitive information is a compilation of various breaches that have occurred over the years. Many are available on the dark web, where cyber criminals hide.
The word "password" ranks among the top 50 passwords found on the internet, alongside the classic "qwerty," with nearly one in every 200 being "123456."
According to experts from security firm Digital Shadows, 49 of the 50 most commonly used passwords can be cracked in under a second using simple tools commonly found on criminal forums. Simply adding a special character like # or * increases the time it takes a thief to solve the password by about 90 minutes.
The alarming figure of 24 billion represents a massive 65 percent increase over 2020.
Once a hacker has gained access to a password database and obtained the data, they can perform credential stuffing, which involves trying the same usernames and passwords on numerous other websites to see if you're using the same login details.
"We will move to a 'passwordless' future, but for now the issue of breached credentials is out of control," said Chris Morgan, senior cyber-threat intelligence analyst at Digital Shadows.
"Criminals have an endless list of breached credentials they can try but adding to this problem are weak passwords which means many accounts can be guessed using automated tools in just seconds.