A cybersecurity expert describes the underground hacker network where stolen usernames and passwords are 'traded like Pokémon cards'
- Hackers use secret networks to aggregate and trade millions of stolen login credentials and passwords, according to a cybersecurity expert.
- While high-profile data breaches make headlines, the real damage to individual users can be done in small increments in the months and years that follow using stolen login credentials.
- The practice of trading stolen passwords is only growing as aggregation software becomes more sophisticated and hacking becomes more profitable.
- For more stories go to www.businessinsider.co.za.
If you're reading this, it's time to change all of your passwords.
That's because there's a good chance that your login information - or, at least, a past version of it - is circulating among secret networks where hackers trade stolen passwords or sell them for profit.
These secret networks are only growing, according to Alex Heid, chief research and development officer at SecurityScorecard, a cybersecurity firm.
"Within the hacking underground community, credentials are bought, sold, and traded for free like Pokémon cards," Heid told Business Insider. "There are dozens of different hacking forums that have terabytes of information going back 10-plus years."
These forums primarily operate on the darkweb, a network of encrypted sites that don't show up in search algorithms. Login credentials and passwords that make it to these forums typically come from massive data breaches, which have happened frequently throughout the past year - in one recent example, 4.9 million DoorDash users' data were stolen just last week.
Hackers are using increasingly sophisticated database software to aggregate "combo lists" of millions of login credentials, according to Heid.
Even if hackers only have one set of credentials - for example, a user's DoorDash login - they can easily make inroads into the user's accounts on other sites. Hackers use "checkers," or programs that can take a user's email address and quickly determine if it's being used as a login on other sites. From there, hackers typically try to log into those other sites using the same password, betting that their targets use the same password across platforms. In many cases, they're successful.
"The people who are getting hit by that are the low-hanging fruit who reuse the same passwords," Heid said.
With hacking becoming increasingly profitable and hackers' software becoming more sophisticated, there's no indication that this trend will slow down any time soon. In the meantime, Heid advises that users change their passwords and ensure that passwords are different across different services.
Receive a daily email with all our latest news: click here.
Also from Business Insider South Africa:
- The massive plastic-cleaning device invented by a 25-year-old is finally catching some trash in the Great Pacific Garbage Patch. Take a look at its journey.
- Satellite images show how South Africa’s biggest malls – in Fourways, Menlyn, Midrand, Sandton, and Durban – have transformed
- Cash only: Card problems at Woolworths around the country
- 'I thought Uber drivers were bad at picking me up.' Trevor Noah makes fun of new Tesla feature
- Chicken Licken has a ‘secret menu’ – but the only thing cool about it is the black box it comes in
- Why Boris Johnson will be forced to delay Brexit until next year