Are Your User’s Passwords On The Dark Web?
An anonymous hacking ring just released nearly 890 million credentials last week on the Dark Web.
True story. Cybersecurity experts were able to find pages on the nefarious Dark Web—the places on the web where people are anonymously selling and trading elicit materials and information.
Many of the websites and companies where the credentials originate—32 that we know of—have recently released press releases of cyberattacks and data breaches on their systems.
According to hacker news groups, a Pakistani hacker going by the name of Gnosticplayers has claimed to be the source of the recent release of account information.
The hacker has claimed to have hacked dozens of popular platforms—including companies your users might be using—with many users unaware that their credentials were even compromised.
This very same hacker has released three rounds of account information thus far, selling them in a marketplace named the “Dream Market”. As of late last week, nearly 620 million accounts had been confirmed being sold on this account.
Cybersecurity experts have estimated that nearly 890 million credentials had been found online at this point.
Roughly the hacker is selling each database for 1.2431 Bitcoin, which is roughly five thousand bucks.
What kind of return on investment is 5 thousand dollars?
Each of the company credentials databases stolen and posted on the Dark Web have millions to some with hundreds of millions of account users. Cybersecurity experts have found that simply emailing users with credentials through a phishing campaign has led to nearly 19.4% success rates at either getting into their business networks or extorting that user in some way, shape, or form.
The return on the original $5000 will probably have at least a hundred-fold return.
What’s a good next step if you’re concerned about your business security or the personal security of your team members?
- Encourage your teams to update their passwords—there’s a reason why we encourage you to change your passwords. It’s because criminals are either using brute force attacks to crack passwords on your network OR they already have a password or derivative of that password because a user’s password was compromised on some other non-work platform.
- Do not reuse passwords—I know it’s really difficult to remember passwords, but you’ll be better off by keeping passwords unique to one account. One account one password should be your mantra.
- Use a password vault—to prevent requiring you to keep track of all sorts of passwords, consider using a password vault. We have recommended a free product to our clients called KeePass.
- Keep track of what is online—make sure you understand what private information is open for anyone to see online. The more information you have public on your social media accounts, for instance, the more personal data a criminal might be able to use to steal your identity.
- Track your passwords on the Dark Web—if you’re concerned that you or your team may have passwords in the wrong hands, consider asking us to monitor your passwords on the Dark Web. We have the capabilities to scan the Dark Web looking for your user’s information and if anything pops up, can report that directly to you and that user to help them make sure they have changed those credentials.
What’s next? If you are a user of any of the above-listed services or websites disclosed in the previous three rounds, you should consider changing your passwords and also on other services in the event you re-used the same password.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.