New research now reveals just how cybercriminals check leaked login credentials that appear online. It seems attackers are quite keen at vetting passwords and security keys to any “compromised” accounts.
Poor password hygiene has been one of the most troubling aspects of the Internet. A study conducted by cybersecurity researchers at Agari proves just how important it is to use complex and unique passwords for all online accounts.
Passwords compromised in phishing attacks vetted manually within 12 hours of exposure on the Internet:
Cybercriminals have proven that time is of the essence when it comes to profiting from stolen or leaked information online. Apart from malicious code writers, there are teams that manually check the authenticity of leaked or compromised login credentials.
To verify how quickly cybercriminals attempted to exploit leaked usernames and passwords, cybersecurity researchers at Agari planted thousands of credentials over a course of six months. The team ensured these login credentials appeared real and valuable.
"Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible." https://t.co/BanpfYRI8k via @ZDNet & @dannyjpalmer
— Taz Daughtrey (@SecuringSystems) June 8, 2021
The team spread these seemingly authentic credentials across websites and forums popular for dumping stolen usernames and passwords. Some of the accounts were for well-known cloud software applications but, in reality, were well within the control of the group.
Researchers discovered that regular users of the forums quickly got to work and tried to verify the login credentials. A few members attempted to use the login information in a matter of hours.
Forum users tried to access about half of the accounts within 12 hours of researchers actually seeding the sites. Users vetted about 20 percent within an hour and 40 percent within six hours. “That really shows you how quickly a compromised account is exploited,” noted Crane Hassold, senior director of threat research at Agari.
Web Browsers keep cautioning users about maintaining proper password hygiene for these very reasons:
Internet companies have long pestered users about maintaining proper password hygiene. In fact, popular browser makers such as Google and Microsoft have devised solutions to remind users about using, strong and unique passwords.
Despite constant reminders and even platforms that run a security audit, thousands of Internet users are guilty of using simple passwords across a number of websites and online accounts.
hi!! there’s been a data breach with apple and billions of passwords we’re leaked, change any passwords you have saved on your phone pls!! /srs
— kay (@kaylftv) June 8, 2021
Such practices make it extremely easy for hackers to compromise multiple accounts. Phishing attacks often become much more lucrative owing to repeated passwords.
The new research suggests hackers or forum users manually check leaked or compromised usernames and passwords. It might be a mundane task, but it could lead to huge payouts if the users can prove the credentials actually work, concluded Hassold.