cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Credentials database theft, reused passwords dangerous entryway

Harish Kumar by Harish Kumar
November 16, 2022
Credentials database theft, reused passwords dangerous entryway

Photo: Harish Kumar

When you think about your social media accounts – let’s say your Facebook password – does it have anything in common with your LinkedIn or bank account password? Does it have the same password as your corporate account? If so, you are not alone! According to a Google survey, at least 65% of participants re-use their passwords across multiple accounts and web services.

As every service, website, and social media account requires a password, many people find it easier to reuse the existing ones instead of reinventing new ones, especially since it is difficult to manage and memorize multiple passwords. This is particularly true as, due to security policies, passwords are, by necessity, becoming more and more complex. Although most of the population understands the risk and knows that one shouldn’t reuse passwords, most of us continue reusing passwords for both corporate and personal accounts.

Some people use password managers, which are considered safe, to help them store their credentials. However, these tools are not bulletproof, as seen in August 2022 when LastPass was breached for a second time. On that note, in a survey from 2022, another password manager service, Bitwarden, found that 84% of the service consumers use the same password across multiple business and personal platforms.

India according to Statistica, there were around 170 cases of data theft reported across India in 2021, a huge jump when compared to the 98 reported in the previous year. Such a huge jump could possibly be attributed to the accelerating digital adoption over the pandemic, which forced many organizations online. With this drive to go digital, organizations and individuals also lack cybersecurity awareness leading to increased cybercrime. 

It’s not surprising that cybercriminals immediately saw an opportunity presented by people’s generally lax behavior regarding password reuse and created a flourishing underground market of databases obtained from breached websites.

As most cybercriminals do not care about the origins of the credential pair, they create “combo lists”, huge compilations of many stolen databases that are just lists of email addresses and passwords. Many of those are lists of corporate email accounts with passwords that were used on 3rd party services. The largest combo list of all time, called RockYou2021, was published in 2021 and contained more than 8 billion unique sets of email accounts and passwords.

ADVERTISEMENT
An example of a US-focused combo list that consists of 25 million records

Credential Stuffing Attacks – How do threat actors leverage stolen credentials and combo lists?

Credential stuffing is a type of cyberattack in which the attackers collect stolen account credentials, typically consisting of lists of usernames and/or email accounts and the corresponding passwords. They then use the credentials to gain unauthorized access to user accounts through large-scale automated login requests directed against a Web application.

Credential stuffing is one of the most common techniques to take over user accounts, including emails, banking accounts, social media, and corporate accounts.

The Underground Perspective

As soon as cybercriminals understood the big business potential of stolen passwords, they started focusing their efforts on hacking different websites and services that are not of great value by themselves – but are lucrative because of the user credentials they contain. 

The NIST password storage guidelines require that passwords be salted with at least 32 bits of data and hashed with a one-way key derivation function. However, even in 2022, many websites don’t comply with this policy and some even store passwords as plain text records.

The cybercriminals who hack these websites are not necessarily the ones who most effectively use them. Many flourishing underground communities and markets were created around buying and selling stolen data and credentials. Valuable sets of credentials that provide administrator-level access to an organization can cost up to $120K in the underground, with an average of $3K for administrator sets. While many sets of credentials are sold in the underground forums, many are also given for free.

In just the last six months, in one of the prominent English-speaking underground communities, more than 3,500 threads concerning stolen databases were opened, and more than 1,500 threads about combo lists that include just email accounts and passwords. Each one of these databases can include millions or even hundreds of millions of credential sets.

The number of threads dealing with credential sets opened in a prominent English-speaking underground forum.

While those databases and combo lists include a high percentage of webmail credential sets whose exposure poses only a low risk to the corporation, they also include many sets of corporate email accounts with passwords that employees use to register on 3rd party websites. This is the Holy Grail for the cybercriminals, the most valuable quarry of them all. When the same password is used across personal and business accounts, the damage potential of a cyberattack increases as criminals can access multiple accounts when just one is breached, and the organizations’ vulnerability to cyberattacks increases. These accounts and applications lie beyond the visibility and protection of business IT teams.

In many cases, cybercriminals also separate the combo lists according to the country to make it much more convenient to use. 

Examples of combo lists shared for free for credential stuffing attacks.

How does Check Point Harmony Browse help you prevent the re-use of corporate passwords?

As a complete web browsing solution, Harmony Browse offers credential theft prevention by blocking the re-use of corporate passwords across multiple web services. Password reuse is only one example of how the workforce often unwittingly puts their organizations at risk. Harmony Browse offers extensive web browsing protection to ensure your organization is protected from Web-borne security threats. Among its features, the solution prevents users from visiting phishing sites or downloading malware without compromising workers’ productivity. Organizations need to start taking that first step toward a more data and credentials-secure world. 

(The author is Harish Kumar, Head of Enterprise at Check Point Software Technologies and the views expressed in this article are his own)

Also Read: Metaverse Reality Check: Is It Worth It?

Harish Kumar

Harish Kumar

Head, Enterprise at Check Point Software Technologies, India & SAARC

Related Posts

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile
Press Release

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

May 9, 2025
Johnson & Johnson Medtech
Press Release

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

May 9, 2025
Ant International and Barclays
Finance

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

May 7, 2025
Microsoft Farmbeats
Technology

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

May 7, 2025
CEOs on AI
AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

May 7, 2025
Asus TUF 500
Technology

Unleash Your Gaming Potential with the ASUS TUF Gaming Compact Desktop

May 6, 2025
IBM Lumen
Business

Revolutionizing AI: Lumen Technologies and IBM Partner to Unlock Scalable AI for Businesses

May 6, 2025
IBM Oracle
AI

IBM and Oracle Join Forces to Advance Agentic AI and Hybrid Cloud

May 6, 2025
Load More
ADVERTISEMENT

Latest Updates

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

by News Desk
12 hours ago

Johnson & Johnson Medtech

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

by Businesswire Desk
12 hours ago

Ant International and Barclays

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

by News Desk
2 days ago

Microsoft Farmbeats

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

by News Desk
2 days ago

CEOs on AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

by Deepa Sharma
2 days ago

Oracle Oracle APSSDC

Oracle Partners with APSSDC to Empower 400,000 Students in Andhra Pradesh with Cutting-Edge Digital Skills Training

by News Desk
3 days ago

Expert Views

Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025
Soft Skills
Opinion

Soft Skills and Technical Know-How: A Winning Combination in the Tech Industry

March 4, 2025
Digital Freedom
Cyber Security

Your Data, Their Gold: The Silent Battle for Digital Freedom

February 25, 2025
LLM in India
AI

Why A Homegrown LLM Is the Next Big Leap for India

February 22, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
AI chatbots, Prasanna-Kumar
Leaders Talk

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved