Digital Shadows, a leading provider of threat intelligence and digital risk protection, has published a new study that quantifies the extent of password breaches globally.

Experts revealed that more than 24 billion username and password combinations are circulating in cybercriminal markets, many of them on the dark web. This is a 65% increase over the number given in the previous report in 2020.

The study notes that a shocking number of Internet users still use very easy-to-guess passwords despite repeated warnings, and many of these passwords circulate on the dark web, where cybercriminals hide.

Digital Shadows found that the word "password" and the classic "qwerty" both rank among the top 50 most easily guessed passwords on the web.

The study also found that one out of every 200 users uses the password "123456".

Digital Shadows experts say that 49 out of 50 commonly used passwords can be "hacked" in less than one second with easy-to-use tools that are available and popular on criminal forums.

Adding a special character such as # or * can add up to 90 minutes to the time it takes a fraudster to crack the password.


A future without passwords

Once an attacker breaches a password database and takes the data, they can move on to credential stuffing: trying the same usernames and passwords on many other sites to see whether you use the same login details there.

“We will be moving to a future without passwords, but right now the issue of credential hacks is out of control,” said Chris Morgan, Senior Analyst for Cyber Threat Intelligence at Digital Shadows. “But adding weak passwords to this problem means that many accounts can be guessed using automated tools in just seconds.”

Experts are urging users to consider using a password manager, a software application that helps generate and retrieve complex passwords, either storing them in an encrypted database or calculating them on demand.

Multi-factor authentication (MFA) can also be used if available, allowing people to confirm their identity using personal identification numbers, facial recognition or fingerprints instead of a password.

It's also best to use a unique password for each site, rather than one password for all of them.