Crowd of people at night market showing the previously exposed credentials being recirculated in underground communities

Previously Exposed Credentials Recirculate Underground

Keeping track of all your login credentials is no small order. According to a 2019 LastPass security report, the average employee is expected to have 25 unique logins, at minimum, though it can go as high as 85 for smaller companies. Expected is the key word. In reality, strong password hygiene is not a common occurrence. Password fatigue is very real, and although there are tools that can safely manage all of these logins, not everyone uses these resources.

The problem with reusing passwords is that if one of your accounts is compromised in a breach or leak, your other accounts are at risk as well. And don’t think just because your favorite streaming service or social media platform hasn’t suffered a breach in five years you are in the clear to continue using those same login credentials. My firm continuously collects exposed identity information found in open sources on the surface, social, and dark web, and we have seen firsthand the dangers of password reuse.

This past year, we found that the number of new, exposed identity records grew steadily – reaching 4.2 billion to be exact, a 16.6% increase from the year prior – while previously exposed information is continuously recirculating within underground communities. Cybercriminals are re-releasing big combo packages with aggregated credentials gathered from newer, large-scale breaches. Here’s where the danger with password reuse lies: every time these big combo packages surface, billions of email addresses or usernames associated with clear-text passwords recirculate in underground communities, making the data increasingly accessible for malicious use, such as account takeover, Business Email Compromise, and other identity-based attacks. A recent example of this is “Sanixer Collections,” which received a lot of media attention for its size, but was mostly an aggregation of previous packages.

Last year, my firm found there was a 10% increase in emails and passwords contained in data breaches compared to 2018, and a 14% increase in personally identifiable information (PII). The leak, for instance, exposed 763 million identity records with an astonishing 134 fields of PII, including email addresses, full names, birthdates, and phone numbers, as well as driver and financial information. As exposed credentials are increasingly more intimate, threat actors are creating blueprints of our digital identities, fueling identity-based attacks.

Cybercriminals are leveraging exposed emails and passwords, applying bots or automated scripts for account takeover attacks, taking advantage of people that reuse credentials across multiple sites. This technique is called credential stuffing. Password spraying is a type of brute force attack campaign that takes a small number of commonly used passwords and tries to apply the credentials one by one across a large number of accounts, bypassing an organization’s account lockout threshold. These are common tactics to gain access accounts in a fast, automated way.

So, what can consumers do if their data is already out there circulating? To render this data obsolete, following a breach, change your password. Make sure you don’t just add a character or two at the end.   In general, for all your accounts, use unique, complex passwords, and when possible, multi-factor authentication. Passwords managers are also a great way to keep track of all your accounts.

Although the U.S. faced the largest number of attacks in 2019, exposing 28% of all curated records detected in breaches, this issue is global. Our research found that the top five countries affected in order of the number of compromised records are the U.S., India, China, Brazil, and Russia.

Ultimately, no, strong password hygiene will not fully prevent against future cyber-attacks. But it will mitigate your chances of suffering irreparable financial losses from a breach. Further, it will mitigate your risk of exposing your employer, its network and supply chain to financial and reputational losses. Cybercriminals just need to exploit the weakest link in a network to successfully infiltrate your company’s systems.

The increase in exposed credentials is fueling #cybercriminals with information to launch #identitytheft attacks. #respectdataClick to Tweet

During remote work especially, we must all remain on the lookout for suspicious activity and continue to follow cybersecurity best practices. Past cyber incidents can come back to haunt you and your entire network, so make sure you’re taking the necessary precautions to enhance your security posture.