Millions of passwords have been found leaked and shared across the dark web. The unpleasant news: ImmuniWeb, a security tool from a Swiss security software vendor, discovered 21 million credentials that belong to Fortune 500 companies.
The usernames and passwords were found mostly stored in plain text. The security firm believes that most of the released passwords were stolen, and that some of them were cracked (decrypted) by attackers. Even worse, the leaked credentials reveal an awful truth about the passwords themselves:
There are many cases of “possibly the worst password selection race”, with many occurrences of passwords like “password”, “password1”, and “passw0rd”.
Employees are far from capable of creating strong passwords
Unfortunately, fewer than 5 million of the 21 million leaked passwords could be considered strong. Strong here means longer than seven characters, with numbers and symbols as well as a mix of uppercase and lowercase letters. Even so, a password that stops at only 8 characters is still not that hard to crack.
The stigma remains: even at Fortune 500 companies that invest heavily in security, employees are mostly far from capable of creating and using appropriately strong passwords, or are just lazy.
Ilia Kolochenko, CEO and founder of ImmuniWeb, says:
“These numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs.”