Hackers are trading stolen passwords 'like Pokémon cards' on the darkweb
If you're reading this, it's time to change all of your passwords.
That's because there's a good chance that your login information — or, at least, a past version of it — is circulating among secret networks where hackers trade stolen passwords or sell them for profit.
These secret networks are only growing, according to Alex Heid, chief research and development officer at SecurityScorecard, a cybersecurity firm.
"Within the hacking underground community, credentials are bought, sold, and traded for free like Pokémon cards," Heid told Business Insider. "There are dozens of different hacking forums that have terabytes of information going back 10-plus years."
These forums primarily operate on the darkweb, a network of encrypted sites that don't show up in search algorithms. Login credentials and passwords that make it to these forums typically come from massive data breaches, which have happened frequently throughout the past year — in one recent example, 4.9 million DoorDash users' data were stolen just last week.
(Photo by Alex Ware)
Hackers are using increasingly sophisticated database software to aggregate "combo lists" of millions of login credentials, according to Heid.
Even if hackers only have one set of credentials — for example, a user's DoorDash login — they can easily make inroads into the user's accounts on other sites. Hackers use "checkers," or programs that can take a user's email address and quickly determine if it's being used as a login on other sites. From there, hackers typically try to log into those other sites using the same password, betting that their targets use the same password across platforms. In many cases, they're successful.
"The people who are getting hit by that are the low-hanging fruit who reuse the same passwords," Heid said.
With hacking becoming increasingly profitable and hackers' software becoming more sophisticated, there's no indication that this trend will slow down any time soon. In the meantime, Heid advises that users change their passwords and ensure that passwords are different across different services.
This article originally appeared on Business Insider. Follow @BusinessInsider on Twitter.
- Hackers once stole casino database through lobby fish tank ... ›
- Russians hacking the GPS system to send ships bogus GNSS ... ›
- The security community is voicing increasing doubts about the ... ›
- Inside Facebook's physical security that protects Zuckerberg ... ›
- A professional hacker reveals the top security mistake people make ... ›