The DLBI (Data Leakage & Breach Intelligence) service analyzed data leaks from the darknet and found out how Russians protect their accounts. It turned out that 30% of users rely on one to three passwords for all services. Another 47% use four to seven combinations, and only 23% create eight or more unique passwords.
Attackers can guess a simple password in seconds. For example, in mail services or social networks, automated guessing of 10 candidate passwords takes about three minutes. If a person uses only three passwords, the compromise happens almost instantly.
The situation is getting worse. A few years ago, only 22% of Russians limited themselves to three passwords, but now the figure is already 30%. This is despite the fact that modern browsers and password managers make it easy to create and store unique combinations for each site.
Many leaks occur because of "stealer" programs that steal access to CRM systems, cloud storage, and other services. For example, a major data leak in 2023 affected users of Russian online stores and medical institutions; it was caused by the compromise of privileged accounts.
In this situation, the advice for both users and companies is the same: generate unique passwords wherever possible, use two-factor authentication as widely as possible, and do not neglect services that check credentials against leaks. Moreover, companies can connect their credential storage to such services directly and block compromised logins and passwords as quickly as possible.
Experts note that the use of two-factor authentication and password managers can reduce the likelihood of hacking. Simple measures, such as unique passwords for each service, will improve account security.
DLBI (Data Leakage & Breach Intelligence) is a Russian service for vulnerability and data leak intelligence, as well as for monitoring fraudulent resources on the darknet.