More Than 2.2 Billion Stolen Account Credentials Have Been Made Available on the Dark Web



2019 is looking to be the year of the “data dump”, with more exposed records than any other year, empowering further credential stuffing attacks, according to McAfee.

Among other great details on the current state of attacks, the McAfee Labs Threats Report August 2019 highlights the massive number of exposed credentials, including over 1 billion brand-new account records released by a single hacker group, Gnosticplayers, on the dark web’s Dream Market.

What makes the availability of 2.2 billion sets of credentials dangerous is the potential for users’ accounts to be compromised. Cybercriminals use scripts to attempt logons with each individual credential they have access to on multiple sites – banking, shipping, Google, Office 365, and more.
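From the defender's side, the scripted logon pattern described above leaves a recognizable trace in authentication logs: one source trying many distinct accounts, only once or twice each, with most attempts failing. The following is an added example, not code from the McAfee report or from KnowBe4; the log format, function name, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2019-09-01T10:00:01 203.0.113.7 alice FAIL
2019-09-01T10:00:02 203.0.113.7 bob FAIL
2019-09-01T10:00:03 203.0.113.7 carol OK
2019-09-01T10:00:04 203.0.113.7 dave FAIL
2019-09-01T10:00:05 203.0.113.7 erin FAIL
2019-09-01T10:00:06 203.0.113.7 frank FAIL
2019-09-01T10:01:10 198.51.100.20 bob FAIL
2019-09-01T10:01:25 198.51.100.20 bob OK
2019-09-01T10:02:00 192.0.2.50 admin FAIL
2019-09-01T10:02:01 192.0.2.50 admin FAIL
2019-09-01T10:02:02 192.0.2.50 admin FAIL
2019-09-01T10:03:00 198.51.100.99 alice OK
2019-09-01T10:03:30 198.51.100.99 dave OK
2019-09-01T10:04:00 198.51.100.99 erin OK
2019-09-01T10:04:30 198.51.100.99 frank OK
2019-09-01T10:05:00 198.51.100.99 grace OK
"""

def find_stuffing_sources(log_text, min_users=5, max_avg_tries=2.0, max_success_ratio=0.2):
    """Return {source_ip: details} for sources matching the credential stuffing pattern:
    many distinct accounts, few tries per account, and a low success ratio."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> username -> attempts
    logged_in = defaultdict(set)                    # ip -> usernames that succeeded
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, ip, user, result = fields
        tries[ip][user] += 1
        if result == "OK":
            logged_in[ip].add(user)
    flagged = {}
    for ip, per_user in tries.items():
        users = len(per_user)
        avg_tries = sum(per_user.values()) / users
        success_ratio = len(logged_in[ip]) / users
        # Thresholds are illustrative assumptions; tune them to your own traffic.
        if users >= min_users and avg_tries <= max_avg_tries and success_ratio <= max_success_ratio:
            # Accounts that logged in from a flagged source need a forced reset.
            flagged[ip] = {"accounts_tried": users, "reset": sorted(logged_in[ip])}
    return flagged

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_LOG))
```

In the constructed log, the single-account retry, the repeated failures against one account, and the shared address where every user logs in successfully are all left unflagged; only the source cycling through six accounts is reported, along with the one account whose reused password worked.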

With this many accessible sets of credentials, it’s imperative that users follow a few basic security hygiene best practices:

  • Never use the same password on multiple systems, applications, or platforms – different accounts require different passwords. The use of the same password gives the cybercriminal an ability to use that credential set on multiple platforms and gain access.
  • Regularly change your password – while Microsoft killed the password expiration policy earlier this year, signaling the ineffectiveness of frequently changing passwords (e.g. every 30 days), passwords still need to be changed at some regular interval (though not as frequently as every 30 days).
  • Longer passwords are better – rather than a complex short password (e.g., 3#f7Gw%8b), a longer password that uses a combination of upper/lower case letters, numbers, and symbols is more secure. The best is a passphrase with 25 characters or more (e.g., Of the Top 10, I like #3 the best!).

Organizations can continually educate users on and reinforce the need for proper security hygiene through Security Awareness Training, making users aware both of the need for security vigilance and of how best to incorporate security-minded habits into their everyday work.


Are your users’ passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.


Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/weak-password-test
