Boring’s Not So Boring


  1. Home
  2.  » 
  3. Boring’s Not-So-Boring Blog
  4.  » Are your credentials in the Dark Web?

Are your credentials in the Dark Web?

Digital credentials are at risk

39% of adults in the U.S. use the same or very similar passwords for multiple online services, which increases to 47% for adults ages 18-29. 

Passwords are a twentieth-century solution to a twenty-first century problem. Unfortunately, usernames and passwords are all that stands between your employees and vital online services. A good security practice is to use a completely different password for every service.

How are credentials compromised? 

Phishing – Send emails disguised as legitimate messages. 

Malvertising – Inject malware into legitimate online advertising networks. 

Watering Holes – Target a popular social media, corporate intranet. 

Web Attacks – Scan Internet-facing company assets for vulnerabilities. 

How does a hacker use credentials?

  • Send spam from compromised email accounts.
  • Deface web properties and host malicious content.
  • Install malware on compromised systems.
  • Compromise other accounts using the same credentials. 
  • Exfiltrate sensitive data (data breach)
  • Identity theft

Data is sold at auction

For those who make credentials available on the Dark Web, the financial rewards can be significant. A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in purchasing them. And by selling those credentials to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers. 

The numbers are staggering

The average number of data records per company, including credentials, compromised during a data breach is 28,500! 

Protecting against compromise

While there is always a risk that attackers will compromise a company’s systems through advanced attacks, the fact is that most data breaches exploit common vectors such as known vulnerabilities, unpatched systems and unaware employees. Only through defense in depth – implementing a suite of tools such as security monitoring, data leak prevention, multifactor authentication, improved security awareness and others – can organizations protect their credentials and other digital assets from seeping onto the Dark Web. 

We keep you out of the Dark Web

Small businesses need Dark Web Monitoring for today’s cybersecurity risk. Protect your business and secure your assets. We make Dark Web Monitoring affordable enough for small businesses to take advantage of enterprise-level actionable intelligence. 

Contact us to learn more about our Dark Web Monitoring services. 

Contact Us

Share This