EXPERTS have worked out that more than 24billion usernames and password are exposed on the internet – the equivalent of nearly four for every person on the planet.
A shocking number of them use extremely easy to guess passwords, despite repeated warnings.
The sensitive details are a collection relating to various breaches that have happened over the years.
Many are in circulation on the dark web where cyber criminals lurk.
The word ‘password’ itself ranks in the top 50 passwords dumped on the web, alongside the classic ‘qwerty’.
Nearly one in every 200 were found to be ‘123456’.
Experts from security firm Digital Shadows say 49 of the 50 most commonly used passwords can be ‘cracked’ in under one second via easy-to-use tools commonly available on criminal forums.
Simply adding a special character like # or * adds about 90 minutes onto the the time it takes for a crook to solve the password.
The worrying 24billion figure is a massive 65 percent increase on 2020.
Once a hacker breaches a password database and takes the data, they can go onto doing something called credential stuffing, where they try the same usernames and passwords on loads of other sites, to see if you’re using the same login details.
“We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control,” said Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows.
Most read in Tech
“Criminals have an endless list of breached credentials they can try but adding to this problem is weak passwords which means many accounts can be guessed using automated tools in just seconds.
“In just the last 18 months, we at Digital Shadows have alerted our clients to 6.7million exposed credentials.
“This includes the username and passwords of their staff, customers, servers and IoT devices.
“Many of these instances could have been mitigated through using stronger passwords and not sharing credentials across different accounts.”
Users are urged to consider using a password manager and multi-factor authentication if available, which allows people to confirm their identity using PINs, facial recognition or fingerprints instead of a password.
It’s also best to use unique passwords for every site you use, not the same one for all.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk