A cybersecurity expert describes the underground hacker network where stolen usernames and passwords are 'traded like Pokemon cards'
- Hackers use secret networks to aggregate and trade millions of stolen login credentials and passwords, according to a cybersecurity expert.
- While high-profile data breaches make headlines, the real damage to individual users can be done in small increments in the months and years that follow using stolen login credentials.
- The practice of trading stolen passwords is only growing as aggregation software becomes more sophisticated and hacking becomes more profitable.
If you're reading this, it's time to change all of your passwords.
That's because there's a good chance that your login information - or, at least, a past version of it - is circulating among secret networks where hackers trade stolen passwords or sell them for profit.
These secret networks are only growing, according to Alex Heid, chief research and development officer at SecurityScorecard, a cybersecurity firm.
"Within the hacking underground community, credentials are bought, sold, and traded for free like Pokémon cards," Heid said. "There are dozens of different hacking forums that have terabytes of information going back 10-plus years."
These forums primarily operate on the dark web, a network of encrypted sites that don't show up in search algorithms. Login credentials and passwords that make it to these forums typically come from massive data breaches, which have happened frequently throughout the past year - in one recent example, 4.9 million DoorDash users' data were stolen just last week.
Hackers are using increasingly sophisticated database software to aggregate "combo lists" of millions of login credentials, according to Heid.
Even if hackers only have one set of credentials - for example, a user's DoorDash login - they can easily make inroads into the user's accounts on other sites. Hackers use "checkers," or programs that can take a user's email address and quickly determine if it's being used as a login on other sites. From there, hackers typically try to log into those other sites using the same password, betting that their targets use the same password across platforms. In many cases, they're successful.
"The people who are getting hit by that are the low-hanging fruit who reuse the same passwords," Heid said.
With hacking becoming increasingly profitable and hackers' software becoming more sophisticated, there's no indication that this trend will slow down any time soon. In the meantime, Heid advises that users change their passwords and ensure that passwords are different across different services.
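From the defender's side, the credential reuse described above leaves a recognizable trace in a site's login records: one source tries many different accounts, only once or twice each, and most attempts fail. The sketch below is an added example, not something from Heid or SecurityScorecard; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs come from the reserved documentation ranges.
SAMPLE_EVENTS = (
    # One source, six accounts, one try each, a single hit: reuse pattern.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(6)]
    # One source hammering one account: brute force, a different problem.
    + [("198.51.100.4", "admin@example.com", False)] * 8
    # Shared office address, several staff, all logins succeed: benign.
    + [("192.0.2.10", f"staff{i}@example.com", True) for i in range(5)]
    # A user who mistyped a password once: benign.
    + [("192.0.2.55", "alice@example.com", False),
       ("192.0.2.55", "alice@example.com", True)]
)


def flag_stuffing_sources(events, min_accounts=5, max_success_rate=0.2,
                          max_attempts_per_account=2):
    """Flag sources that try many accounts, few times each, and mostly fail.

    Returns {ip: {"accounts", "attempts", "compromised"}}, where "compromised"
    lists accounts the source logged into successfully (candidates for a
    forced password reset).
    """
    # ip -> username -> [attempts, successes]
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        record = per_ip[ip][user.lower()]
        record[0] += 1
        record[1] += int(ok)

    flagged = {}
    for ip, users in per_ip.items():
        attempts = sum(a for a, _ in users.values())
        successes = sum(s for _, s in users.values())
        if (len(users) >= min_accounts
                and attempts / len(users) <= max_attempts_per_account
                and successes / attempts <= max_success_rate):
            flagged[ip] = {
                "accounts": len(users),
                "attempts": attempts,
                "compromised": sorted(u for u, (_, s) in users.items() if s),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, stats)
```

The thresholds need tuning against real traffic, and attempts spread across many source addresses require grouping on other signals as well.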