A security vendor discovered nearly 1.5 billion breached log-in combos circulating online last year and billions more pieces of personal information (PII), with password reuse and weak hashing algorithms commonplace.
SpyCloud’s 2021 Credential Exposure Report was compiled from the vendor’s human intelligence efforts to recover stolen data from criminal networks early in the breach lifecycle.
Some 854 breach incidents, up a third from 2019, leaked on average 5.4 million records each.
Poor password security is still rife: for users with more than one password stolen last year, SpyCloud found that 60% of credentials were reused across multiple accounts, exposing them to credential stuffing and other brute force tactics.
For the 270,000 .gov emails recovered, password reuse was even higher, at 87%.
Nearly two million passwords contained “2020” while almost 200,000 featured COVID-related keywords like “corona” and “pandemic.”
As usual, the most common password was “123456,” followed by “123456789” and “12345678.” “Password” and “111111” also appeared more than 1.2 million times each.
However, in some cases, the blame lay with the organizations tasked with protecting their customers’ personal data and logins. SpyCloud found that a third (32%) of breached passwords used the weak MD5 algorithm and 22% used SHA1. In addition, only 17% of passwords were salted.
The security firm also recovered over 4.6 billion pieces of PII including names, addresses, birthdates, job titles and social media URLs. This trove featured 1.3 billion phone numbers, the most common piece of PII found.
The findings represent a major security risk for both individual consumers and businesses, given that many credentials and email addresses are being used across corporate and personal spheres.
“These staggering numbers indicate a continued threat for account takeovers, identity theft and fraud at a time when people have been spending more time online during the COVID-19 pandemic,” said David Endler, co-founder of SpyCloud.
“Criminals didn’t stop for the coronavirus. In fact, attackers have been able to use the disruption of the pandemic to their advantage.”