informa
Slideshow

Credential Compromises by the Numbers

Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
Collection #1 Is Exhibit 1 as Proof of Compromise Risk
Credential Compromises Due to Phishing Skyrocket
Stolen Credentials Trail Only PII as Data Targeted for Theft
Credential Stealers: A Malware Fave
Credential-Stuffing Deluge
Cost of Credential Stuffing
Good News: Strong Authentication on the Rise
1/7

This month's discovery of a massive repository of 773 million stolen email addresses and 21 million stolen passwords offers the industry another valuable piece of evidence about how out-of-control online credential theft has become. And it's backed by many recent statistics that show just how much credential stealing is now a staple in the attacker playbook.

In practice, the bad guys gather as much stolen password data as they can collect from low-hanging fruit — often low-value sites with little protection — which they then use to fuel attacks against better secured targets. Those subsequent attacks typically start with credential stuffing, in which attackers automate the process of recycling the credential information they've stolen from one platform, website, or system and trying it against another.

"Credential-stuffing attacks are much more effective than simple brute forcing, as people often use the same credentials for accessing various systems," according to analysts with Positive Technologies.

Here's a look at some of the statistics that offer a bit of insight into the problem of credential theft and stuffing, and where we are at mitigating these risks.

 
Next slide
Recommended Reading: