21 million stolen logins found for sale on the Dark Web

November 6, 2019

By Kim Komando

It’s been said you can get almost anything on the Dark Web. Weapons, illegal drugs, assassins, you name it — and if you’ve got the bitcoin, hackers and cybercriminals have what you’re looking for. Click or tap here to see some of the things you can buy on the Dark Web.Stolen website accounts make up a sizable portion of Dark Web commodities. They’re easy to find and can turn a neat profit (with stolen funds, of course). Worst of all, they’re often hacked and harvested because passwords were easy for hackers to crack.Now, an enormous haul of stolen logins has made its way to Dark Web marketplaces. If you’ve ever had your account phished or data stolen, here’s what you need to know. Plus, we’ll show you how to make stronger passwords to protect your information.

Millions of accounts for sale

According to new reports from security researchers at BleepingComputer, more than 21 million logins from Fortune 500 companies have been compromised and placed for sale on Dark Web marketplaces. Many of these accounts have already been fully cracked, which means any purchaser will have instant access if they choose to log in.The Dark Web is no stranger to massive data dumps, but what makes this leak so unique is how the passwords were collected. The list appears to be a compilation of accounts appearing in other leaks posted on the Dark Web. This lead experts to speculate the entity behind the list wanted to be as thorough and profitable with their endeavor as possible.Most of the logins appear to have been stolen from employees of big-name tech companies, with financial and healthcare companies coming in close behind. About 16,055,800 of the stolen accounts appear to have been compromised within the past few months, so this leak can’t be blamed on high-profile attacks like the Yahoo hack from years back. Click or tap to see how so many user accounts were compromised at Yahoo.The most worrying discovery was the fact that 95% of the compromised accounts appeared to have their passwords cracked via brute force. Further investigations revealed this was possible because so many passwords were weak, common and were shared across multiple websites.

Problematic passwords

Weak passwords are one of the top reasons an account gets hacked. Hackers don’t waste time trying to crack passcodes because bots can do it for them. And usually, these bots are programmed to try out several of the most commonly used passwords first.In the case of this data leak, many of these frail passwords were repeats multiple employees used. Very few featured special characters or complexity, and some are simple enough to make Komando.com’s list of the worst passwords to use. Click or tap here to see if you’re using one of these dangerously simple passwords.Here’s just a sample from the Dark Web listing of the top five passwords from the stolen accounts:

• passw0rd
• 1qaz2wsx
• career121
• abc123
• password 1

This is especially sad, considering these passwords were stolen from employees within the tech industry — the same people responsible for the security of our accounts on platforms they created!

How can I make stronger passwords?

There’s no exact science to crafting the perfect password, but here are a few pointers you can use to create strong ones:

1. Never use a personally identifying word or phrase in your password. It’s too easy for anyone who knows you to guess it.
2. Avoid simple, consecutive strings of numbers and letters like “abc” or “456.”
3. Use special characters like an “!” or a “#.” Combined with letters, these symbols make it harder for machines to guess your password.

If you have a convenient way to save your passwords, you may want to rely on a password generator like IOrbit’s Random Password Generator. This software will automatically create complicated passwords that are difficult to crack. Just set the length and complexity preferences. Click or tap here to learn more about Random Password Generator.