Your Password’s Secret Life
Ongoing cybersecurity incidents that include database breaches have become almost the “new normal” in the modern digital era.
Since the beginning of 2022, we have become aware of at least 17 data breaches that exposed over 55 million records with personal information. The majority of them also included email addresses paired with passwords. From there, it’s only a matter of time before cybercriminals start to leverage this compromised information for different attacks. In this article, the Cyrus team will give you a sneak peek at what happens to your password when it leaks to illicit sources and how you can detect and respond to those incidents.
One password, different services and accounts.
The majority of end users still recycle and reuse the same email address and password combination for different online services. It’s convenient and easy to have “one key that fits everything”, but this exposes you to an account takeover attack that may end with your accounts being stolen. According to statistics covering 1.7 billion credentials from 755 breaches, 70% reuse at least one password across more than one account. This means that if a malicious actor discovers your email and password pair, they will try this combination on other popular web services like streaming vendors or social media accounts. Once there is a match, the compromised account is in the hands of a cybercriminal who will wait for the perfect timing to take over control. Password recycling is not the only problem in maintaining proper cybersecurity hygiene. A weak password like “123456” is still in use by over 100 million users all over the world.
“Under the hood” of hacking
Unfortunately, most databases from hacked sources find their way to underground forums, where the information is offered for sale or shared between members. Even if the password was stored in encrypted or hashed form, a weak password like “123456” can be cracked almost instantly. Those large databases are then split into smaller chunks of data and prepared for the next step of an account takeover attack. To automate and scale the whole process, cybercriminals have developed tools that check credentials in bulk against a specific service. Cyrus’s Research team discovered a tool (known as an “account checker” in cybercrime jargon) that targets Instagram and “knows” how to find valid accounts whose owners recycle the same credentials. When this tool finishes its work cycle, the cybercriminal gets a list of accounts that can be stolen in a few clicks. Those accounts are usually sold on the underground black market for several dollars, or the owner is pushed to pay a ransom in order to get their account back.
How can I improve my security?
Taking responsibility for your personal cybersecurity today is easier than ever. Download Cyrus to get notifications regarding exposure of your digital assets, start monitoring them, and check that you follow these basic rules:
- Enforce 2FA on your email addresses and critical accounts
- Create strong passwords
- Use a password manager
- Check that you are not still using previously compromised passwords
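The last rule can be checked locally. The following is an added example, not Cyrus's code: it audits a constructed password list for reused email and password pairs and for passwords that appear in a breach corpus. The names `BREACHED`, `VAULT` and `audit` are hypothetical, and the 5-character SHA-1 prefix lookup is an assumption modelled on k-anonymity range queries, so only a hash prefix would ever need to leave the machine.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus of leaked passwords.
BREACHED = ["123456", "password", "qwerty"]

# Constructed vault export: (service, email, password). All hypothetical.
VAULT = [
    ("mail", "alex@example.com", "123456"),
    ("streaming", "alex@example.com", "Tr1cky-Horse-Battery"),
    ("social", "Alex@example.com", "Tr1cky-Horse-Battery"),
    ("bank", "alex@example.com", "v9#Lq2!xPz7w"),
]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(passwords):
    """Map 5-char hash prefix -> set of 35-char suffixes seen in the corpus."""
    index = defaultdict(set)
    for pw in passwords:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index

def is_compromised(password, index):
    """Look up by prefix only; the suffix is compared locally."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())

def audit(vault, index):
    """Report reused email+password pairs and passwords found in the corpus."""
    groups = defaultdict(list)
    for service, email, password in vault:
        groups[(email.lower(), password)].append(service)
    reused = sorted(sorted(s) for s in groups.values() if len(s) > 1)
    compromised = sorted(s for s, _, pw in vault if is_compromised(pw, index))
    return {"reused": reused, "compromised": compromised}

if __name__ == "__main__":
    report = audit(VAULT, build_range_index(BREACHED))
    for services in report["reused"]:
        print("same credentials on:", ", ".join(services))
    for service in report["compromised"]:
        print("password appears in breach corpus:", service)
```

Any service listed under either finding should get a new, unique password before the others.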