In one word, yes. Absolutely. Attackers are often seeking to gain access to payment card details or to make fraudulent purchases. But that is, sadly, only the beginning. Many of the records stolen during data breaches are bundled and sold in a nefarious, growing marketplace for personally identifiable information (PII) on the dark web. Your password and login credentials are simply a means to an end, a key that unlocks the house to your personal data. If this doesn’t concern you yet, keep in mind that fully packaged data, or “fullz”, for one person can sell for anywhere from less than $1 to around $450 based on factors such as your credit score.
The truth is data security has never been more critical in our society than it is today. By 2020, it is estimated that 300 billion passwords will be at risk. While accounts at financial and military institutions might be the most coveted information by hackers, any business that requires a log-in to access services will become a target.
Take food-delivery giant DoorDash, for example. On September 26, they announced that an unauthorized third party gained access to user data on over 4.9 million consumers this past May. Among the types of data accessed, alongside profile info, emails, home addresses and phone numbers, were salted passwords. What does this mean for DoorDash, the market leader in its category with approximately 27.6 percent of market share?
Fortunately, salting users’ passwords, which involves appending an additional random string (the salt) to the original password before hashing the entire string of characters, is a good practice to keep. Unfortunately, this data breach runs the risk of demoralizing a significant number of the company’s early adopters. Beyond the risk of disappointing loyal and trusting users and potentially losing its status as the market’s top dog, addressing the lack of data security here will have to become the company’s number one priority.
Last year, according to the 2018 End-of-Year Data Breach Report from the Identity Theft Resource Center, hackers stole 447 million consumer records containing personally identifiable information (PII). This was a 126% jump from 2017, so we can only expect data breaches and exposed consumer records to continue growing every year at alarming, exponential rates.
How Hackers Steal Your Password
Credential Stuffing, List Cleaning or Breach Replay
Hackers test databases of stolen credentials against multiple accounts in search of a match. Again, your password is the key to your data, so these databases are “a key ring”, increasing the possibility of breaking into your account. This type of attack accounts for more than 90% of global login traffic on e-commerce sites, making it one of the largest threats.
Social engineering or human hacking is most commonly thought of as phishing. It refers to personal and direct attempts that trick users into supplying confidential information voluntarily. Whether by phone, SMS or impersonation via spear-phishing emails, over 70% of cybercrimes begin with this type of attack.
Similar to credential stuffing, minus the database and paired credentials, password spraying involves testing a list of user accounts against the most commonly known passwords. While this sounds manual and might create false hope that hackers are up against an impossible task, remember that hackers can automate most of this work and that overused passwords such as 123456 make this tactic quite common.
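One way a defender can spot this pattern in login logs, as an added example that is not part of the original article. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2019-10-01T09:00:01 203.0.113.7 alice FAIL
2019-10-01T09:00:03 203.0.113.7 bob FAIL
2019-10-01T09:00:05 203.0.113.7 carol FAIL
2019-10-01T09:00:07 203.0.113.7 dave FAIL
2019-10-01T09:00:09 203.0.113.7 erin OK
2019-10-01T09:01:00 198.51.100.4 frank FAIL
2019-10-01T09:01:10 198.51.100.4 frank FAIL
2019-10-01T09:01:20 198.51.100.4 frank OK
"""

def parse(log):
    """Yield (timestamp, ip, user, result) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts with only a few tries each."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in parse(log):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            current = events[start:end + 1]
            attempts = Counter(user for _, user, _ in current)
            failed = {u for _, u, r in current if r == "FAIL"}
            # Many accounts, few guesses per account: spraying, not a user's typo.
            if len(failed) >= min_accounts and max(attempts.values()) <= max_per_account:
                hit = findings.setdefault(ip, {"targeted": set(), "succeeded": set()})
                hit["targeted"] |= set(attempts)
                # A success inside a spray window marks an account to reset.
                hit["succeeded"] |= {u for _, u, r in current if r == "OK"}
    return {ip: {k: sorted(v) for k, v in f.items()} for ip, f in findings.items()}
```

On the sample, the source that tried five accounts once each is flagged and its one successful login is listed for a password reset, while the user who mistyped a password twice is not.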
Keylogging malware records the keystrokes you type on your keyboard and into your machine. While this requires a hacker to have access to your hardware first, hackers don’t need to have direct physical access to your computer to infect it with malware.
Brute Force and Password Cracking
Hackers run algorithms against encrypted passwords until they crack open. Although this is the most widely known method of hacking seen in media, it is also one of the least common in real life. Due to the nearly infinite number of permutations that exist and best practices like encrypted, hashed and salted passwords, this is one of the least frequently used tools in a hacker’s toolbox.
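Why salting, as described in the DoorDash passage above, blunts the cracking described here, shown as an added example that is not from the original article. It uses PBKDF2 from the Python standard library instead of a plain append-and-hash; the iteration count, function names and sample users are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each new user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def shared_digests(digests):
    """Group users whose stored digests are identical (one crack exposes all)."""
    groups = defaultdict(list)
    for user, digest in digests.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample users; two of them picked the same common password.
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery"}

def unsalted_store(users):
    """The weak form: a bare fast hash, identical for identical passwords."""
    return {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}

def salted_store(users):
    """The salted form: user -> (salt, digest), stored side by side."""
    return {u: hash_password(p) for u, p in users.items()}
```

In the unsalted store the two users who share a password share a digest, so a single guess exposes both; in the salted store every record has to be attacked separately.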
This final method is the least sophisticated technologically, but still very common, unfortunately. Local discovery happens when you leave your password open in public. That’s right, we’re talking about that sticky note on your desk.
The Bottom Line
Are you protecting your password?
We hope by this point that you understand and agree with us. Yes, people really are trying to steal your password every day. But don’t let this knowledge cause you fear; instead let it inspire you to action. For starters, you can hacker-proof your passwords and review these 5 steps to further enhance password security. If you’re looking for inspiration, here’s the quickest read on how to make a secure password. Be sure to also check out website services that can inform and notify you whether or not your email or password has been breached before.
Ultimately though, if you want to position yourself, your business and your passwords with the greatest line of defense, consider investing in a password manager. Not only would this investment ramp up your cybersecurity efforts, a password management tool can also solve a variety of pain points like having to remember all your newly crafted 16-character passphrases.
TeamPassword is here to protect and defend you from these types of cyber attacks. A simple, secure password manager, designed from the ground up with security and best-in-class encryption in mind, can protect your company from data breaches and your passwords from hackers.
Get TeamPassword today! Try our free 14-day trial.