Copyright forbes

Privacy company Proton exposes 300 million stolen credentials.

Updated November 1 with further analysis of how leaked and stolen passwords are abused using genuine accounts in light of the Proton exposure of 300 million credentials available on dark web cybercrime markets.

Passwords are the keys to your online kingdom. An attacker with the correct password can access accounts and the data within and even beyond them; that’s a security no-brainer, right? So why are hundreds of millions of them ending up on the dark web to be traded by threat actors?

In the last 10 days alone, we have seen reports of humanized password stealers targeting Android users, a 183 million credential leak that included Gmail account passwords, and password manager giant LastPass having to issue warnings to users after active master password attacks were reported. Now, the Swiss-based internet privacy outfit Proton has confirmed that it has uncovered a total of 300 million credentials, with passwords appearing in 49% of them, using a new dark web Data Breach Observatory tool.

300 Million Individual Records Exposed On Dark Web By Proton

As the move towards a passwordless future plods ever slowly on, with many hurdles to overcome despite the best efforts of the likes of WhatsApp and Google, passwords remain one of the weakest links in your account security protections. Everything from password reuse, and please don’t do that, to successful phishing and other attacks, exposes password users to risk. This has been oh-so-clearly demonstrated with the launch of the Data Breach Observatory resource by Proton.

Rather than rely upon disclosures from impacted organizations, Proton has gone directly to the source of the stolen data: the dark web and criminal marketplaces therein, where stolen credentials are traded.
The Data Breach Observatory provides consumers and businesses alike “previously unobtainable transparency,” Proton said, by drawing data from the criminals themselves.

Proton's Data Breach Observatory

The numbers are, frankly, both shocking to read and reasonably expected given the state of password security. Over 300 million individual records have been exposed, and this does not include the ‘combo’ datasets that aggregate and duplicate data from other leaks, with 71% identified as being from SMBs and 49% including passwords.

Mark Robson, a senior tactical threat analyst, and Andrew Nicchi, a senior incident response analyst, both with Fortinet, have confirmed just how dangerous and prolific the abuse of stolen credentials in conjunction with perfectly genuine accounts is. In a detailed new analysis published by Fortinet Labs Threat Research, the pair have revealed that “attackers are continuing to rely on valid accounts and legitimate remote access tools instead of ‘implant-heavy’ intrusions.” I mean, it’s not surprising, given that so many credentials are being exposed and made available so readily to pretty much any threat actor who can afford them. Many such databases are even passed around on criminal forums for free.

“This approach allows threat actors to blend in with normal business activity, making detection significantly harder,” Fortinet warned, adding that “in many cases, the ‘breach’ was not a sophisticated exploit—it was simply a successful login event buried among routine ones.” In other words, indicative of prior credential-harvesting phishing incidents or infostealer malware attacks.

“Data breaches targeting online services are becoming ever more frequent, with over three hundred million individual records already exposed this year on the dark web,” Eamonn Maguire, director of engineering, AI & ML, at Proton, said.
“If your credentials are compromised, receiving timely alerts is essential to secure your accounts, prevent identity theft, and minimize financial losses,” Maguire concluded.

You know what to do: check for any leaked credentials now, switch to using passkeys wherever possible, and ensure that two-factor authentication is in place where not.