15 Billion Credentials Now in Criminal Circulation: Report

Digital Shadows has released the results of a study that quantifies the sheer scope of the world’s digital security problem. The From Exposure to Takeover report reveals that there are currently more than 15 billion credentials available for sale through criminal channels, a number that represents a 300 percent increase over 2018.

New Report Suggests 15 Billion Credentials are Now in Criminal Circulation

The dramatic spike is the result of 100,000 data breaches in the past two years. The credentials typically include user names and passwords, many of which correspond to bank accounts, social media channels, and other sensitive applications. According to Digital Shadows, the average bank account credential goes for just over $70, though the price for a high quality account can climb above $500.

However, individual bank accounts were not the most expensive product on the criminal dark web. Admin access to a larger organization’s key systems went for an average of $3,139, but could go for as much as $120,000 during an open auction.

“The sheer number of credentials available is staggering,” said Digital Shadows CISO and Strategy VP Rick Holland. “Some of these exposed accounts have access to incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

The report goes on to warn that account takeover attacks have become a particularly pernicious problem, largely because such attacks have become relatively simple and cheap to execute. That’s why Digital Shadows recommends that people use a different password for every account. It also advises organizations to watch for leaked credentials, and to be wary of some of the more vulnerable two-factor authentication methods, including CAPTCHA and (especially) SMS.

The Digital Shadows report arrives roughly a month after a ForgeRock report that found that U.S. organizations lost more than $1.2 trillion due to data breaches in 2019 alone. On that front, several recent studies have shown that many businesses and individuals are still putting far too much faith in the integrity of passwords.

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Related News & Articles

Footer

Follow Us