Digital Shadows has been collecting data over the past 18 months, trying to figure out the scale of the business that is set up around the bartering of stolen user credentials. What they have found is not unexpected, but the numbers are presenting an unprecedented scale of operations. In total, there are over 15 billion credentials in circulation out there, which is 300% up compared to what was going on back in 2018. These credentials come from 100,000, or potentially even more individual data breaches, which is another way of saying that the whole situation is out of control and that data security is just an illusion.
With the average person having accounts on 191 online services, it is natural to see many duplicates in there. People are reusing their passwords or passphrases across a set of websites and services, so this is to be expected. However, 5 billion out of the total 15 billion are unique credentials.
Other interesting stats given in the report include the following:
There’s a clear conclusion that can be drawn from the above, and this is that hacking accounts and cracking protection systems like 2FA have now become an industrialized process. It takes place in an egregious scale that leaves no one untouched. Not finding yourself in one of the 100,000 breaches is statistically improbable. At the same time that the most skillful and notorious hacker groups are focusing their efforts on big companies, there are swarms of not so tech-savvy actors who are infesting every little piece of the internet, looking for low-hanging fruits.
RELATED: