Billions of Passwords and Credentials, Possibly Yours, Are on the Dark Web

You’re not the only one who knows your clever Spotify password

Don't assume the password you've been using for everything isn't in someone else's hands. Time to get serious about credential creation and management.


If you’ve never used 2FA or a password manager, it may be time to consider both in light of new information about your login details and who may have them.

How bad is it? A new report from Digital Shadows reveals that a truly staggering number of passwords and usernames have been stolen since 2018, totaling nearly 15 billion. That’s a 300 percent increase in credentials floating around the dark web, including those for media streaming and social media accounts. As Forbes put it, that’s roughly 2 accounts for every person on Earth.

What’s more: Before you start patting yourself on the back for that incredibly unique passphrase you use for Netflix, know that Digital Shadows’ report also reveals that 5 billion of those are passwords that are not used anywhere else. 

Making a profit: While cybercriminals navigating the dark web do sell some of these credentials, a significant portion of consumer accounts are simply given away for free. When money does trade digital hands, however, prices vary. Bank and financial accounts sell for $70.91, on average; accounts for antivirus programs sell for $21.67; the aforementioned consumer accounts go for $15.43; social media, file sharing, and streaming accounts sell for less than $10.

Protecting yourself: “The message is simple – consumers should use different passwords for every account, and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised,” said Rick Holland, CISO at Digital Shadows.

Using different passwords is a good start, but consumers should also use 2-factor authentication, password managers, and authentication apps and keys, all of which strengthen account security. While all this might take time to set up and get used to, it’s ultimately worth it.

Bottom line: It’s easy to think your accounts are protected by lengthy, symbol-filled passwords and the websites that require them, but the truth is they aren’t. It'll take more than a clever phrase to be more secure.

Via: Forbes
