Compromised Accounts

ACID Technologies is a well-established threat intelligence company that provides services to organizations operating in a wide variety of sectors and industries, including banking and finance, healthcare, education, transportation, energy, state and local government, gaming and gambling, and others. ACID monitors the dark web and multiple other sources and platforms 24/7/365, to detect signs of a cyber attack being planned, as well as attacks that are in progress or have already taken place.

The monitoring is meticulously tailored, based on client-specific keywords and relevant languages, in order to yield optimally precise results and actionable intelligence. Once a threat is detected, the targeted organization is alerted in real time and provided with all known details, to enable it to respond effectively. Additional intelligence is conveyed as it becomes available, enabling the organization to fine-tune its response. By implementing targeted countermeasures, the organization can reduce the harmful consequences of the attack – be they disruption to operation, loss of business, payment of heavy regulatory fines, loss of clients, reputational damage, or other. When the threat detected is an attack that is still in its planning stage, it can potentially be thwarted altogether.

In the context of compromised accounts, illegally obtained user credentials posted on the dark web can be detected by ACID through its continuous monitoring activity. As reported by Kaspersky in February 2024, after investigating the dark web market for credential theft (logins and passwords) from popular AI and gaming websites, the company’s cybersecurity specialists found that over the past three years, 34,000,000 Roblox users’ credentials were compromised with malware and leaked on the dark web. Further demonstrating the gravity of the problem, Kaspersky also reported that in 2023, the number of OpenAI users’ stolen credentials increased 33-fold compared to the previous year.

What are compromised accounts, and which are the most common ones?

Compromised accounts are accounts that unauthorized individuals have gained access to and control of. Email, social media and business accounts are the most common types of compromised accounts.

  • Email accounts – when an email account is compromised, the cyber attacker can gain access to and copy all the emails received and sent from it, as well as attachments. As a result of unauthorized access by an individual or group with malicious intent, sensitive information can end up in the wrong hands and be used to commit ransomware or other types of attacks. In the case of businesses, sensitive information can also be provided to competitors, leading to serious short- and long-term financial consequences.

As emails can be used to reset passwords to various applications, compromised email accounts can result in privilege escalation, which is when the attacker gains administrative access to software with the aim of launching additional attacks.

Additionally, by compromising email accounts, cyber attackers can spam the contacts of the targeted email accounts and infect their computers with malware.

  • Social media accounts – while sensitive data cannot be accessed through social media accounts, they can be a source for personal information that attackers can then use to commit fraud or identity theft.
  • Financial and business accounts – as financial and business accounts contain sensitive data, they are attractive targets to cyber attackers. When these individuals or groups gain access to bank account details and credit card numbers, they can use these to purchase goods at the expense of the legitimate account and credit card holder. These can be large purchases, emptying the account or reaching the credit card limit, or smaller purchases over a more extended period of time, which the account or card holder might miss if they do not check the status of their accounts regularly.

How pervasive is the problem of compromised accounts?

The following data demonstrates the extent of the problem:

The number of compromised accounts in February 2024, as reported by HaveIBeenPwned, including all known leaked accounts in many compromised websites, was 12.94 billion. Some of these accounts might use the same username and password combination on more than one website.

According to Statista, the record for the largest data breach to date is held by Cam4 – a total of ten billion compromised accounts.

Which methods are used to compromise accounts?

The methods usually used to compromise accounts include:

  • Phishing – tricking account users into revealing sensitive information by sending them emails that appear to be from a legitimate source, with a malicious link to click.
  • Infostealers – specialized malware developed to steal user logins and passwords from personal and corporate users, which infect devices through phishing, as well as through other methods.
  • Password attacks – for example, password spraying: trying common passwords on different accounts. This highlights the importance of users refraining from using the same password to access several accounts; choosing different passwords for different accounts helps keep them safe.
  • Credential stuffing – the use of leaked login credentials obtained in past attacks to access email accounts. Here, too, using the same passwords on multiple accounts increases the risk.

What can users do to avoid having their accounts compromised?

To protect their accounts, users would be well-advised to:

  • Choose strong passwords
  • Use different passwords for each account
  • If possible, use two-factor authentication for added protection
  • Make sure to keep up with security updates addressing vulnerabilities
  • Choose an email provider that implements security measures