+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A cybersecurity expert describes the underground hacker network where stolen usernames and passwords are 'traded like Pokemon cards'

Oct 4, 2019, 21:19 IST

FILE - In this Dec. 17, 2018, file photo people walk by a building in New York. You carry your smartphone everywhere. But the way you use it could leave you vulnerable to specific forms of identity theft, including robocall scams and hackers looking to hijack your phone number. (AP Photo/Mark Lennihan, File)Associated Press

Advertisement
  • Hackers use secret networks to aggregate and trade millions of stolen login credentials and passwords, according to a cybersecurity expert.
  • While high-profile data breaches make headlines, the real damage to individual users can be done in small increments in the months and years that follow using stolen login credentials.
  • The practice of trading stolen passwords is only growing as aggregation software becomes more sophisticated and hacking becomes more profitable.
  • Visit Business Insider's homepage for more stories.

If you're reading this, it's time to change all of your passwords.

That's because there's a good chance that your login information - or, at least, a past version of it - is circulating among secret networks where hackers trade stolen passwords or sell them for profit.

These secret networks are only growing, according to Alex Heid, chief research and development officer at SecurityScorecard, a cybersecurity firm.

"Within the hacking underground community, credentials are bought, sold, and traded for free like Pokémon cards," Heid said. "There are dozens of different hacking forums that have terabytes of information going back 10-plus years."

Advertisement

These forums primarily operate on the darkweb, a network of encrypted sites that don't show up in search algorithms. Login credentials and passwords that make it to these forums typically come from massive data breaches, which have happened frequently throughout the past year - in one recent example, 4.9 million DoorDash users' data were stolen just last week.

Read more: These are the 8 biggest scams people are most likely to fall for online

Hackers are using increasingly sophisticated database software to aggregate "combo lists" of millions of login credentials, according to Heid.

Even if hackers only have one set of credentials - for example, a user's DoorDash login - they can easily make inroads into the user's accounts on other sites. Hackers use "checkers," or programs that can take a user's email address and quickly determine if it's being used as a login on other sites. From there, hackers typically try to log into those other sites using the same password, betting that their targets use the same password across platforms. In many cases, they're successful.

"The people who are getting hit by that are the low-hanging fruit who reuse the same passwords," Heid said.

Advertisement

With hacking becoming increasingly profitable and hackers' software becoming more sophisticated, there's no indication that this trend will slow down any time soon. In the meantime, Heid advises that users change their passwords and ensure that passwords are different across different services.

NOW WATCH: How Area 51 became the center of alien conspiracy theories

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article