Leaked passwords exceeded 721M in 2022

Threat actors have exposed 721.5 million credentials online last year, many of which had been exfiltrated from malware-infected third-party business apps, VentureBeat reports. Moreover, already misused passwords are still being leveraged by 72% of those whose credentials have been leaked, according to a report from SpyCloud. Such findings emphasize the importance of robust password security in protecting data assets and mitigating account takeover attempts and other cyberattacks. "Cybercriminals can use exposed credentials to gain illegitimate access to enterprise networks under the guise of employee and consumer accounts, opening the door for more cyberattacks such as the distribution of ransomware and malware, additional data theft, and synthetic identity creation. If the credentials were freshly stolen via malware and remain active, they pose a long-term threat to corporations as criminals can use the same credentials to access accounts until the issue is identified and addressed," said SpyCloud Director of Security Research Trevor Hilligoss.