Users are not getting much better at password security: 1.7 billion credentials were exposed online in 2021, and 64% of users with multiple compromised passwords reuse similar passwords for multiple accounts, according to a new report from account security firm SpyCloud.
The company, in its Identity Exposure Report, says the number of exposed credentials represents a 15% increase from 2020, suggesting that users continue to engage in poor cybersecurity practices when it comes to passwords despite a rise in cyberattacks.
According to SpyCloud, the average user owns hundreds of online accounts, each with a unique login, resulting in a continuing increase in password reuse. Now, 64% of users with multiple compromised passwords reuse similar passwords for multiple accounts, making them a target for hackers. That figure is a 4-point jump from the previous year, the company says.
It’s not just the reuse of passwords that is concerning, however, as the report details a strong correlation between current events and passwords, with credentials tied to numerous TV shows and movies, as well as current events like COVID-19.
The report analyzed 1.7 billion exposed credentials from 755 breach sources, with the government sector (.gov email addresses) the most heavily represented, making up 81% of the overall total breach sources the firm analyzed.
In addition to personal information such as names, dates of birth, social security numbers and more, the report found that information like vehicle makes and models, number of children, marital status, income, job title and Reddit handles was also compromised in breaches, suggesting that hackers could combine that information to launch social engineering attacks on targets.
“Reused passwords have been the leading vector in cyberattacks in recent years, and the threat of digital identity exposure is a growing problem,” said David Endler, co-founder and Chief Product Officer of SpyCloud, in a statement. “The findings of our annual report show that users are still not taking password security as seriously as they should. The threat of account takeover is not enacting wholesale improvements to consumer cyber hygiene, and that’s an alarming thought given the frequency of digital identity fraud.”