LegalSEC® - Cybersecurity - has Vendor Participation

 View Only

Stolen Login Credentials on the Dark Web

By Russell Gilmore posted 12-31-2019 11:38


Just because the company you work for is not a Fortune 500 company does not mean your credentials were not stolen at some point. According to an article in Security Magazine, 21 million login credentials stolen from Fortune 500 companies were found on the Dark Web. reported that only 4.9 million of the passwords were unique.

Just imagine what the results are for millions of other companies.  For example, most small companies do not have large IT staffs and large IT security budgets. Think about small companies that outsource their IT needs to local and online service providers. Consequently, many of their compromised credentials are sitting on the Dark Web.

For years it seems the item at the top of the list on ways to secure your account is, “Start with a strong password.” Strong passwords contain lowercase letters, uppercase letters, numbers, and symbols. More complicated passwords are better. Not only would I recommend you use a strong and complicated password but also utilize two-factor authentication on all accounts that offer it.  Two-factor authentication can likely prevent someone from accessing an account even if they have the password. (Read more about two-factor authentication here.)

It may be no fault of your own that your login credentials wind up on the Dark Web.  It is your responsibility to do everything you can to secure your online accounts.  This is possible by using complicated passwords. As always, don’t reuse the same password on multiple accounts. Always use two-factor authentication on every account that offers it.

Believe it or not, “password” or some variation was near the top in five of the ten industry categories. If you don’t read the whole article, please take away at least one tip. Quit using “password” as your password.