15 Billion Credentials Now in Criminal Circulation: Report

Digital Shadows has released the results of a study that quantifies the sheer scope of the world’s digital security problem. The From Exposure to Takeover report reveals that there are currently more than 15 billion credentials available for sale through criminal channels, a number that represents a 300 percent increase over 2018.

New Report Suggests 15 Billion Credentials are Now in Criminal Circulation

The dramatic spike is the result of 100,000 data breaches in the past two years. The credentials typically include user names and passwords, many of which correspond to bank accounts, social media channels, and other sensitive applications. According to Digital Shadows, the average bank account credential goes for just over $70, though the price for a high quality account can climb above $500.

However, individual bank accounts were not the most expensive product on the criminal dark web. Admin access to a larger organization’s key systems went for an average of $3,139, but could go for as much as $120,000 during an open auction.

“The sheer number of credentials available is staggering,” said Digital Shadows CISO and Strategy VP Rick Holland. “Some of these exposed accounts have access to incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

The report goes on to warn that account takeover attacks have become a particularly pernicious problem, largely because such attacks have become relatively simple and cheap to execute. That’s why Digital Shadows recommends that people use a different password for every account. It also advises organizations to watch for leaked credentials, and to be wary of some of the more vulnerable two-factor authentication methods, including CAPTCHA and (especially) SMS.

The Digital Shadows report arrives roughly a month after a ForgeRock report that found that U.S. organizations lost more than $1.2 trillion due to data breaches in 2019 alone. On that front, several recent studies have shown that many businesses and individuals are still putting far too much faith in the integrity of passwords.

Partners

FaceTec’s patented, industry-leading 3D Face Verification and Reverification software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ finally make trusted, remote identity verification possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for 3D Liveness and Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

The Biometric Digital Identity Prism is a market landscape framework designed to help influencers and decision makers understand, innovate, and implement digital identity technologies and solutions. This innovative framework for understanding and evaluating the rapidly evolving biometric digital identity marketplace is the only market model that is truly biometric-centric based on the foundational conviction that in the age of digital transformation the only true, reliable link between humans and their digital data is biometrics. https://www.the-prism-project.com

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs. https://mobileidworld.com

ID R&D combines extensive R&D capabilities with advances in AI to deliver superior biometrics and liveness detection software. Our products work across mobile, web, and telephone channels, as well as conversational interfaces, IoT devices, and embedded hardware to improve security and significantly reduce friction in the user experience. https://www.idrnd.ai

AuthenticID’s disruptive and cutting-edge, AI-driven solution quickly, accurately, and securely reproduces real-world identity verification so that companies can be assured of who they are conducting business with, strengthen underwriting, reduce the losses associated with fraud, and streamline onerous customer onboarding procedures, leading to higher conversion rates. https://www.authenticid.com/

Identity Week aims to be a significant identity industry catalyst. It’s our mission is to help accelerate the move towards a world where trusted identity solutions enable governments and commercial organisations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm. https://identityweek.net/

Related News & Articles

Footer

Follow Us