• Skip to main content
  • Skip to footer

Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

MENUMENU
  • Home
  • About Us
    • Sheri Donahue
    • Leo Haggerty
    • Careers
  • Services
    • Vulnerability and Threat Evaluation
    • Transformation Management
    • CISO Management Services
    • Incident Response Management
  • News
  • Blog
  • FAQs
  • Contact Us

commonsent / May 6, 2021

Password Reuse Risk Is Exacerbated by Dark Web

The Dark Web…sounds like something out of Star Wars. No, wait, that’s the Dark Side.

Actually the Dark Web IS the dark side.  It is the dark side of the internet.

It requires special tools to access so you cannot just Google it and go there from your normal browser. That is, you can’t accidentally stumble into it. 

It is used primarily as a platform for activities to elude law enforcement. One of these activities is the selling of stolen personal/private information. The data is stolen via data breach (cyber attacks) of organizations with large databases of such info. This data may include names, social security numbers, birthdates, credit card information, health records and more. These are sold for identify theft or credit card fraud.

One of the biggest uses is to sell email addresses and passwords. The purpose isn’t just so you can be sent spam email. That would be frustrating for sure. But it’s much more treacherous than that.

Cyber criminals count on users to re-use the same password for multiple accounts. Then, with your email address and password, a cyber criminal can access your accounts.  Let’s say, for example, from the LinkedIn breach, your username (Wile.E.Coyote@Acme.com) and password (DieRoadRunner) are on the dark web.  You may have changed your password on LinkedIn.  But you didn’t change it on your bank account or on your work account.  The cyber criminal knows you work at Acme from your email.  So they try to login to your work account using your password.  Once they’re in, they can access anything you are able to access.  Or they can send an email from your account.  If you’re the CEO, they could send an email to the finance officer (as you) directing her to wire $1M to an off-shore account. 

All it takes is one hit for a criminal to get into your company, just one employee to use the same password on his work account that he uses on other accounts.  One hundred employees may use good cyber hygiene, but all it takes is one who doesn’t.

It is estimated that 76% of employees and executives reuse passwords across personal and professional accounts.

Criminals can also go after you personally.  They can try to login to various bank accounts to see if that username and password work.  Again, once in, they can drain your personal bank account.

All this just because you didn’t take the time to use different passwords on your accounts. 

In 2020 alone, 22 million new records were added to the Dark Web. 

A short-term solution is to use multi-factor authentication (MFA).  Even if the criminal has the username and password, he still cannot get in because he doesn’t have access to the one-time code that is needed via the MFA device.  Studies show that MFA can stop 99% of password-based cyber attacks.

Filed Under: Blog

Footer

CONTACT US

COMMONWEALTH SENTINEL

1230 US Highway 127 S
Suite #5
Frankfort KY 40601
(502) 320-9885

EMAIL US

ABOUT US

Cyber security consulting for local governments, non-profit organizations, and small businesses facing the threats of the cyber world.  At Commonwealth Sentinel, we are passionate about helping people be cyber-safe!

FOLLOW US

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • YouTube

Copyright © 2023 Commonwealth Sentinel

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT