Over two billion passwords were leaked by hackers in 2021

Over the course of 2021, hackers managed to steal more than two billion passwords, a new report from ForgeRock has claimed. 

The company’s fourth annual breach report found that besides passwords, hackers have also been stealing people’s names, addresses, Social Security numbers, dates of birth, protected health information (PHI), and payment or banking details.

What’s more, the two billion figure is an increase of more than a third (35%) compared to just two years ago.

Most of the time, hackers sell the data on the black market, such as underground web forums and trading sites. While the passwords themselves often aren’t that expensive to purchase, they do open the gates for a number of potential attacks, from identity theft to ransomware and everything in between.

Two years ago, more than 15 billion passwords were on sale on the dark web, the same report claims.

“Usernames and passwords are the internet’s weakest link. The world has moved far beyond the point where a simple password can provide sufficient protection, and attackers know it. Spurred by the FIDO2 WebAuthn standard, the move to passwordless authentication is gaining momentum: it improves both security and ease of use for online access, while greatly diminishing the usefulness of stolen credentials by cybercriminals,” said ForgeRock CEO, Fran Rosch.

ForgeRock believes the future is passwordless, with biometric solutions (facial recognition, fingerprint scanners, and similar) being at the forefront. Others lean more towards multi-factor authentication as the best way to protect online accounts, as time-based keys and tokens prevent those with just the password from accessing other people’s accounts.

That being said, ForgeRock expects the passwordless authentication market to grow from $12.79 billion last year to more than $53 billion by 2030. Whether or not that actually happens remains to be seen. The password has been pronounced dead countless times before, yet somehow it still prevails despite its shortcomings.

Via: VentureBeat

Sead Fadilpašić
