Over 24 billion usernames and passwords are up for grabs on cyber criminal marketplaces and the amount of breached credentials is still rising as hackers take advantage of weak and re-used passwords.
Analysis by cybersecurity researchers at Digital Shadows found that there’s been a 65% increase in usernames and passwords sold, traded or dumped in cyber criminal forums and underground marketplaces.
Of the usernames and passwords available across hundreds of underground marketplaces, 6.7 billion were unique – up by a third when compared with previous analysis in 2020 – indicating that many usernames and passwords are being accessed and stolen multiple times, likely without the victim even being aware.
One of the reasons for this is because many accounts use common or weak passwords, making them easy for cyber criminals to steal simply by just guessing passwords.
The paper says the most commonly leaked password, found over 30 million times and accounting for 0.46% of all unique passwords – or nearly one in twenty of the total – is ‘123456’ – one of the simplest passwords around. There were also millions of instances of other simple passwords, including over 17 million cases of ‘123456789’, over 10 million passwords which are ‘qwerty’,