They contain billions of logins, probably yours too. You can find them in the underground forums of the Internet. But where do the passwords in these data collections come from?
Your password is suddenly no longer a secret. How did this happen?
© Jirsak / Shutterstock.com
Password collections with millions, sometimes billions of log-in data are circulating in underground forums on the Internet. The criminals get the data mainly from these three sources:
Password databases on servers:
Most data is captured by attackers if they can hack a company’s server and steal the database with all customer information. In this way, you receive millions of log-in data in one fell swoop, often with additional information about the users.
The security specialist Acronis states in its annual report for 2020 that this year 1.5 million new phishing websites have been created on the Internet every month. If you think phishing sites are easy to spot, take a look at the two websites to the right: the top one is a phishing site.
By the way:
An analysis by Kaspersky shows that phishing scammers not only use e-mails but also messenger apps. According to this, 94,559 malicious links in connection with messengers were discovered worldwide between December 2020 and May 2021. That corresponds to more than 500 incidents per day.
Data theft from PCs and smartphones:
A third large source of data are the users’ PCs and smartphones when they have caught a Trojan horse of the “Password Stealer” type. These pests specialize in stealing passwords, cookies and other log-in data from a user’s PC.
Recently, a 1.2 TB database appeared on underground forums containing data from 3.25 million Windows PCs. A Trojan horse stole it. The data includes two billion cookies, of which 22 percent were still valid when the database was discovered and enabled logging in to Aliexpress, LinkedIn or Steam, for example. In addition to cookies, there are 1.5 million Facebook passwords and 19.4 million login data from the Google Chrome password manager. Specialists from Nordlocker were able to determine this.
One website is real and the other is a phishing website. Hardly anyone recognizes the minimal differences. The lower one is real.
Find out whether your password is on the Internet