Usernames and passwords for everything from network administrator accounts and banking information to video streaming services are being bought and sold every day.

Cybersecurity researchers at Digital Shadows, a digital risk protection company, estimate that over 15 billion stolen account credentials are available on the dark web – some circulating for free! “Many breached accounts are shared multiple times – suggesting that despite being hacked, the user remains unaware of what has happened.”

How Much is Your Account Worth to Criminals?
Prices range from free to over $100,000 depending on value.

Corporate Attacks: Administrative account information for a corporation can sell for as much as $120,000. If attackers use that access to disrupt an entire network with a ransomware attack (ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid) and demand millions of dollars in exchange for returning access, the criminals might consider the cost worth it.

Personal Attacks: Obviously, bank accounts are a prime target for cybercriminals. While a compromised account might be worth everything to you, a cybercriminal only has to pay an average of $70.71 to get your data. Other accounts like streaming services, social media, data subscriptions and, oddly enough, anti-virus software range in price from free to around $20.

How Do You Protect Yourself?
The what-ifs are scary.  Losing your savings, privacy, business holdings and sense of security are realities, but there are steps to protect yourself and your organization.

  1. Use a unique password made up of random letters (upper/lower), symbols and numbers.
  2. Utilize different passwords for different accounts.  This is made easier by password manager tools.
  3. Change passwords regularly.  There’s a chance your data is already on the dark web.  If you are concerned, change your passwords.
  4. Apply multi-factor authentication for an extra layer of protection, because even if the password is breached, there’s an alert that informs you that someone tried to get into your account.
  5. Never send passwords or account information via email.  Text or call instead.

Office 365 users:

  1. Check for forwarding to ensure emails are not being sent outside your organization or to anyone but the intended recipient.
  2. Turn off Outlook web access if it is not a necessity.
  3. Review all user accounts monthly and remove any old or incorrect accounts.
  4. Review the IP location report to reveal any login attempts from unknown locations/countries.

Weak passwords are the #1 reason accounts get hacked. Common weak patterns include:

  • A dictionary word with some letters simply replaced by numbers (e.g., a1rplan3 or aer0plan0).
  • A repeated character or a series of characters (e.g., AAAAA or 12345).
  • A keyboard series of characters (e.g., qwerty or poiuy).
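
The three weak patterns listed above can be checked for automatically before a password is accepted. The checker below is an added example, not code from the original article; the word list, the substitution table and the minimum run length of 4 are assumptions chosen for illustration.

```python
import re

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"airplane", "aeroplano", "password", "welcome", "dragon"}

# Common digit/symbol-for-letter swaps, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

SERIES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_RUN = 4  # assumed threshold: shortest run treated as a pattern


def _has_run(pw, tracks):
    """True if pw contains MIN_RUN consecutive characters of any track,
    read forwards or backwards (e.g. 'qwer' or 'poiu')."""
    for track in tracks:
        for t in (track, track[::-1]):
            for i in range(len(t) - MIN_RUN + 1):
                if t[i:i + MIN_RUN] in pw:
                    return True
    return False


def weak_password_reasons(password):
    """Return the list of weak patterns found; an empty list means none matched."""
    pw = password.lower()
    reasons = []
    if pw in WORDLIST:
        reasons.append("dictionary word")
    elif pw.translate(LEET) in WORDLIST:
        reasons.append("dictionary word with substitutions")
    if re.search(r"(.)\1{%d,}" % (MIN_RUN - 1), pw):
        reasons.append("repeated character")
    if _has_run(pw, SERIES):
        reasons.append("character series")
    if _has_run(pw, KEYBOARD_ROWS):
        reasons.append("keyboard series")
    return reasons


if __name__ == "__main__":
    for sample in ["a1rplan3", "aer0plan0", "AAAAA", "12345", "qwerty", "poiuy"]:
        print(sample, "->", weak_password_reasons(sample))
```

An empty result only means none of these three patterns matched; it does not show that the password is unique to one account or absent from a breach list.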

Not sure if you are protected?  

Nieto Technology can help make sure your accounts are secure.  Call today to schedule a review of your account security. 713.893.5667