How Insecure Passwords Can Damage Your Organization

No featured Image

Does your organization have compromised credentials floating around? Chances are that the answer is yes.



An estimated 60% of data breaches involved the improper use of credentials in 2021. Credential compromise is breach risk for every organization that grows daily as more and more data makes its way to the dark web.


That data includes an abundance of stolen usernames and passwords. Cybercriminals can easily scoop up big lists of passwords in dark web markets or dumps. And  They can also buy credentials straight from malicious employees.


Here are some ways in which you might be risking and compromising your company’s wellbeing.


Dark Web Credential Compromise Risk



It doesn’t matter how high-flying a company is. Password problems will still plague them. A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts.


Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020.


User credentials are the key that unlocks the door to an organization’s systems and data. Unfortunately, it’s far too easy for bad actors to get a copy of that key on the dark web.


  • An estimated 15 billion unique logins are circulating on the dark web right now.
  • The average organization is now likely to have 17 sets of login details exposed on the dark web.
  • The credentials of 133,927 C-level Fortune 1000 executives are accessible in dark web markets.
  • There has been a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web since 2020.


People Never Stop Making Passwords That Are Easily Compromised



Always a security bugbear, people just cannot stop making bad passwords. Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time.


Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member,13% have used a significant date, such as a birthday or anniversary and another 6% have used information about their favorite sports team as their password. U.S. companies aren’t any better off.


In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name.


Password Reuse and Recycling as A Bad Practice



The average adult has an estimated 100 passwords floating around that they’re using, and every one has the potential to be a problem if they recycle them.


Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse but that didn’t stop them because 59% admitted to doing it anyway.


That disconnect is a huge problem for businesses everywhere and a fast path to trouble. These 3 password reuse and recycling corollaries bring added complications.


Password Sharing 



Employees are also sharing their passwords with other people at an alarming rate, including folks who don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their organization had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies.


Malicious Insiders



Credentials are a hot commodity on the dark web. While most username and password pairs hit the market through data breaches, it pays for organizations to remember that bad actors don’t always come from outside. Malicious insider actions like selling credentials result in an estimated 25% of data breaches.


Zombie Accounts 



Don’t overlook the possibility that a former employee still has a working password that allows them to access systems, accounts and data. Companies that aren’t careful about removing access and permissions from departing employee accounts can get burned by both dark web credential exposure and unauthorized user activity.


You can’t rely on the same technology to provide the same protection year after year. Strong, effective security requires solutions that don’t just rest on their laurels but keep moving forward, refining and evolving their technology to meet the current and future needs of the market.


we can help. Contact us today or book a discovery session.

Leave a Reply

Your email address will not be published. Required fields are marked *