Stop Using Your Password — 800 Million Stolen Passwords Listed Online

The cat's out of the bag: passwords have reached their collective sell-by date. The threat landscape has evolved to the point where they're no longer a viable option for securing online accounts. With the rise of infostealer malware, threat actors are leveraging AI-powered phishing attacks and other sophisticated methods to compromise credentials, making two-factor authentication (2FA) largely ineffective.

According to the latest IBM X-Force Threat Intelligence Index, published April 17, there has been an astonishing 84% increase in the number of infostealers being delivered by phishing emails per week. The report warned that this trend may be attributed to "attackers leveraging AI to create phishing emails at scale," which poses a significant account takeover threat.

The consequences are dire: eight million adverts containing lists of hundreds of stolen credentials were found on the dark web and in criminal forums in relation to the top five infostealer malware threats. This translates to at least 800 million passwords listed online, representing just the tip of this nefarious cyber-iceberg.

The good news is that it's not too late to take action. With the right protection, you can safeguard yourself against these threats and enjoy a stronger defense against criminal hackers while getting a more straightforward method of securely signing in to your accounts.

What You Need to Know

Your password could already be compromised and available to hackers. The rise of infostealer malware has made it increasingly easy for threat actors to access compromised credentials, which are then sold on the dark web or through phishing emails.

The culprit behind this trend is the widespread use of phishing attacks, with an 84% increase in the number of infostealers delivered by phishing emails per week. Other popular attack vectors include "SEO poisoning and Google Ads, drive-by attacks, and software supply chain compromises."

Why You Need to Act Now

The situation has become dire, with millions of devices infected by infostealer malware and threat actors employing automatic password hacking machines in attacks. Zero-day exploits specifically targeting Windows passwords have also been discovered, highlighting the urgency of this issue.

Even with two-factor authentication added to the login credentials mix, you are still not safe from 2FA bypass attacks, which employ attacker-in-the-middle and session cookie stealing tactics. These attacks weaken even the strongest defense mechanisms.

The Solution: Stop Using Passwords, Use Passkeys Instead

A Google spokesperson told me that its internal research has revealed "security keys provide a stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication."

The same message can be heard in the advice provided by Microsoft: "We recommend switching to Passkeys wherever possible and using authentication apps such as Microsoft Authenticator, which warn users about potential phishing attempts."

Protect Yourself Against Both Threats

The solution is simple yet effective: stop using passwords and switch to passkeys instead. This will provide you with increased protection against criminal hackers while getting a more straightforward method of securely signing in to your accounts.

With the rise of infostealer malware, threat actors are no longer content with breaking into systems; they're now logging in with ease. The implications are far-reaching, and it's time for individuals and organizations to take action and adapt to this new threat landscape.