According to a study by cybersecurity company SpyCloud, 721 million passwords were stolen by cybercriminals in 2022. Worse still, 72% of users exposed to data breaches continue to use compromised passwords .
Dubbed the SpyCloud Identity Exposure Report, the study examines how stolen data exposes organizations and consumers to cybercrime risks.
Cybercriminals are exploiting the unfavorable economic environment for the tech sector
The conclusion is clear : ” The rise of malware designed to exfiltrate data directly from devices and browsers is a key driver of continued user exposure writes SpyCloud. The company discovered 721.5 million credentials exposed online in 2022. 50% came from botnets, a network of malware-infected computers under the control of an attacker used to carry out activities against a targeted victim.
“ Cybercriminals have doubled down and exploited the economic downturn, increasing hybrid workforce, phantom accounts of laid-off employees, and increased outsourcing, increasing third-party exposure “, continues the company. So when a company’s employees access internal networks from an external and potentially malware-infected device, hackers can easily access critical business applications, including single sign-on platforms and virtual private networks.
The management of passwords by users is not at all at the level
According to SpyCloud, password protection remains poor despite a focus on cybersecurity training. Thus, 72% of exposed users still use stolen passwords, while those chosen are often insecure and linked to trends.
SpyCloud recovered over 327,000 passwords related to artists Taylor Swift and Bad Bunny, over 261,000 relating to streaming services such as Netflix and Hulu, and over 167,000 alluding to the death of Queen Elizabeth II and the British Royal Family.
As a reminder, it is strongly recommended to change your passwords often, and for more security, it is recommended to generate them automatically through specialized applications. With current password managers, it is very easy to juggle between different access keys. When possible, it is also strongly recommended to activate two-factor authentication.
Source : SpyCloud
8