Criminals love stealing credentials, and too many people are handing them the keys to the kingdom. A recent study by Verizon showed that 91% of phishing attacks targeted the user’s credentials. Why? Because stealing your username and password is the easiest way to break in to your business data, your bank account and more.
We make it even easier when we choose weak passwords or reuse the same passwords in multiple places. In fact, the study reported that 63% of confirmed data breaches involved weak, stolen or default passwords.
Your passwords are a problem
You’ve probably been told a hundred times to use a secure password. Many services even require long passwords or passwords with special characters. Many people are still ignoring the advice. As of 2016, 123456 was still the most common password. Other laughably crackable passwords on the list include qwerty, 111111 and, of course, password.
Another common method for choosing passwords is to use pet names, birthdays, favorite sports teams, etc. Nowadays, Facebook probably knows more about you than some of your family members. It’s not hard for a hacker to use Facebook to find out your favorite band and your mother’s maiden name.
Even with a strong password, you’re probably guilty of another password crime: recycling. 81% of Americans admit to using the same password for multiple online accounts. Once a criminal gets their hands on your credentials for one account, they’ll certainly try it on any of your other accounts they can find.
This is a big danger for businesses. Imagine if an employee’s personal credentials get hacked, but they’re using the same password for their work email. Suddenly, the hacker has a backdoor into your business. Once inside, they can sneak malware onto your network or try to penetrate deeper to get at your financial or employee records.
Reusing the same password for multiple accounts is like having the same key for your business, your house, your car and your bank account. Risky. Even worse, if it’s a weak password, it’s like making the key neon green and hiding it under your front doormat. No one would ever look there, right?
You’re in the dark
One big problem with stolen credentials is that many businesses don’t know when they’re stolen. According to the Verizon study, 93% of attacks took only minutes, but the organization took weeks or more to discover the breach.
In that time, your stolen data can travel extremely far on what’s called the “dark web.” The dark web is a part of the Internet can only be accessed with special browsers and direct links, making users untraceable. Criminals and hackers exploit this anonymity to buy and sell thousands of stolen credentials every day.
In an experiment by cloud security company Bitglass, researchers tested how stolen data spreads on the dark web. They created a fake Google Drive account with fake financial data and other personal data. Then they leaked the Google Drive credentials and watched how hackers reacted.
The data immediately generated over 1,400 hits and 94% of the hackers also found the victim’s other accounts, including the fake bank account. It’s a powerful reminder of how fast information can spread online and of the danger of reusing passwords.
Find out if your passwords are protected
Again, most businesses don’t know if and when their credentials are stolen. But you don’t have to be in the dark anymore.
We can monitor the dark web and alert you when we detect any stolen information about your company.