What the Tech? Passwords for Sale
A cyber-security company has completed an investigation of compromised login credentials and found that over 15-billion username and password combinations are for sale online.
Digital Shadows says it conducted the investigation for the past two years and found hackers targeted login credentials for bank and financial accounts.
“Unsurprisingly we found that bank accounts and financial accounts were by far the most expensive. Those were on sale for an average of $70.91 a piece,” said Alex Guirakhoo, Digital Shadows lead on its research team.
“The interesting thing is, 15 billion sounds like a lot, but it’s certainly even bigger,” he said.
Digital Shadows found advertisements for the compromised login credentials posted on well-known criminal message board sites and elsewhere on the dark web. One such advertisement posted as an example was a Bank of America account that came complete with a PIN, email address and phone number.
It was advertised for $90. There were also dozens of Netflix account login information for sale for about $10 each.
“Pretty much any kind of account that you have, there are cyber criminals that see value in gaining access to them,” said Guirakhoo.
The report also states it has never been easier or cheaper to get account login information. Netflix logins and anti-virus accounts are selling for about $10 each.
Credentials are often stolen through email phishing and malware scams but they’re also harvested and sold from online data breaches. Once a company’s database has been breached, all of those names, email addresses, phone numbers and login information is put up for sale. Sometimes, they’re even given away.
You can check to see if your email address has ever been compromised by one of these breaches by visiting the website www.haveibeenpwned.com.
This website will tell you if your email or password have been included in a data breach. It cannot show if your email was stolen
through a phishing scam. Still, it is a good place to start. Mozilla has this tool built into the latest Firefox browser.
Guirakhoo says it’s increasingly important for people to check their passwords and change them to something difficult for a bad guy to crack on their own and even more important to use a separate password for each account.
“You should treat all of your accounts as if someone would want to be gaining access to them.
Like we found in our research, anything from streaming accounts to financial accounts, you name it, those are available for sale,” he said.