Over 21 million login credentials from Fortune 500 companies have been found on the dark web for sale. Many of them have already been cracked and available in plaintext form. This information was compiled by crawling multiple sources, such as the Tor network, web forums, PasteBin, IRC channels, social networks, and messenger chats. Not all of the login credentials are fresh though. A report published by ImmuniWeb stated that over 16 million were compromised in the last 12 months. However, the researchers reveal a worrying statistic: “95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords.” More information on this report can be found here: https://www.bleepingcomputer.com/news/security/21-million-logins-for-top-500-firms-offered-on-the-dark-web/
Analyst Notes
Login passwords should be unique to the site and be kept increasingly complex through the use of special characters, case sensitive letters and numbers. Passwords can be a passphrase that the individual finds easy to remember. Using a secure password managing system is a way to assist users in keeping track of the various passwords they use. Binary Defense’s Counterintelligence team offers a comprehensive @ domain monitoring service that will let our analysts know if a domain has been included in a breach and what information has been exposed. This is a good way to help companies stay ahead of breaches and change credentials if they have been affected.
