According to last week in security, there was an article talking about 15 billion creds on the dark web with 10,000 breaches in a 2-year period. We've really got a problem when we, the consumer, choose not to change our password after a major breach. It's OK, because we honestly think that the passwords we choose are pretty secure.
I know that I have used similar passwords on some sites that I feel don't really have anything that a threat actor may want. The honest truth is that credential stuffing, as it's called, is a big problem. They want to lock you out of your account, even if it doesn't really mean anything.
The problem that people like Troy Hunt continue to see is that people still use simple, not very unique passwords today. Troy Hunt owns the web site that asks the question, Have I Been Pwned? All you have to do on this site is enter an email address you've used, and he can tell you if it has been in a recent data breach. No passwords are ever shared, and he may have information about the particular breach.
Threat actors gain access to these credentials in a number of ways—among them phishing, credential-stealing malware and credit-card skimmers–and it's never been easier for them to lift this type of sensitive data from user accounts, said Rick Holland, CISO and vice president of strategy at Digital Shadows, in a press statement.
This tech blog post, "Target's Nightmare Goes On: Encrypted PIN Data Stolen – NYTimes.com," is just one linking to what Target had to go through just after their big-time breach.
There are a ton of articles and commentary on this blog going back to 2013, if not earlier, about this problem. Target did not have a password problem, though; their situation is different. What about some of the other breaches you may find through this blog or any other articles you find? What might they tell you?
The article goes on to state that criminal marketplaces have tools for as little as $4 apiece, while bank and credit card data goes for $70 or more because of how valuable it is. Want to read this enlightening story? Threatpost: 15 Billion Credentials Currently Up for Grabs on Hacker Forums is where you'll need to go to read all of the juicy details on this emerging problem, which I feel is only going to get worse. I really wish it wouldn't get worse, but I imagine it will.