Headlines have been rife recently with reports of “data breaches” occurring at major institutions. Even if you haven’t read about them in the news, there’s a strong possibility that you have received a breach notification from one of your service providers, whether it was your bank, healthcare provider, or even a hotel loyalty program. As this becomes a more frequent occurrence, it’s worth asking: what exactly is a data breach, and what does it entail? And for that matter, how do security measures like user passwords fit into the picture, and why aren’t they enough to stop these breaches from occurring?
To learn more about BUNKR’s simple and affordable password manager, watch this short video. Otherwise read on to learn how cybercriminals exploit weak passwords via major data breaches.
When signing up for an online account, customers are traditionally asked to provide a user ID, password, email address, and other contact information to the service provider. When you receive a breach notification, it means that cybercriminals have broken into the service provider’s business electronically and taken possession of stockpiles of customer information, including your own. Oftentimes, these malicious actors send the seized data to the dark web for further use.
By some estimates, up to 65% of data breaches go completely undetected. Making matters worse, many industries do not legally require businesses to alert customers when their data has been stolen. Even in the instances when notification is required, breaches take more than 200 days on average to be discovered. Simply put, this means there’s a very real possibility that cybercriminals can have access to your personal information — including your password — long before you’re aware of it, assuming you ever find out at all. Unfortunately, these alarming situations are taking place more and more frequently, as 2023 saw a record number of data breaches take place. The compensatory services offered by breached providers such as identity monitoring and identity insurance are a pittance in the face of the lost time, anxiety, and frustration victims have to deal with. Regrettably, because cybercriminals are savvy about making the most of their ill-gotten gains, the trouble often extends far beyond the initial breach.
Breached Information Is Used to Break Into Your Online Accounts
Cybercriminals on the dark web have vast computing resources. If the stolen information is unencrypted, which it frequently is, the offending parties will then use your user ID (oftentimes a personal email address) and password to access your accounts. While encryption helps, even that is not enough to guarantee the safety of your information. If a service provider such as your favorite hotel has encrypted your password for protection but still suffered a breach, cybercriminals will then use decryption techniques to gain access to your password, and in turn, your personal details. Because cybercriminals have no shortage of resources, these decryption attempts are successful more often than not.
Reused Passwords Are a Cybercriminal’s Plaything
Once cybercriminals have acquired your user ID and password, they will use this information to try and log in to widely used online businesses such as banks, financial service companies, shopping vendors, travel sites, credit card providers, and more. A cybercriminal’s goal is to leverage their stolen information for the greatest possible yield and pilfer as much money from victims’ online accounts as possible. There are literally thousands of avenues for them to try, and if you’ve recycled your compromised details across other platforms, it could mean serious trouble for your personal accounts. Using your hacked password as a base and deploying variations when necessary, hackers can gain access to your cash, retail credits, credit cards, retail shopping points, travel credits, travel rewards, and more. They can even retrieve retirement account details and create loans; if cybercriminals can find something that has value, they will pilfer it.
Because these attacks are automated, stolen passwords that are simple or have been recycled across platforms will allow cybercriminals to gain access to multiple online accounts and their respective finances very quickly. The software programs used for these digital raids are sophisticated and will generate deviations of the password lifted from the original breach. In cases where high-value accounts are in play, a cybercriminal may ditch the pre-programmed attacks and get directly involved to use more customized techniques that are not easily automated.
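A defensive counterpart to the variation-based guessing described above, as an added example that is not part of the original article: after a breach notification, this Python code audits your own stored passwords and flags any that share a base with the breached one, because changing a digit or swapping a symbol does not make a reused password new. The substitution table, the tolerance rule, the function names and all sample passwords are constructed assumptions.

```python
import re
import unicodedata

# Small, illustrative table of character swaps mapped back to letters (assumption).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the letters that simple variations have in common."""
    text = unicodedata.normalize("NFKC", password).lower()
    text = re.sub(r"[\W\d_]+$", "", text)   # drop trailing years, counters, "!"
    text = text.translate(LEET)             # undo common character swaps
    return re.sub(r"[^a-z]", "", text)      # keep ASCII letters only

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_variation(candidate: str, breached: str, max_distance: int = 2) -> bool:
    """True if candidate is the breached password or a close variant of it."""
    c, b = base_form(candidate), base_form(breached)
    if not c or not b:                      # e.g. all-digit passwords
        return candidate == breached
    allowed = min(max_distance, len(b) // 4)  # short bases get less tolerance
    return c == b or edit_distance(c, b) <= allowed

def reused_after_breach(breached: str, vault: dict) -> list:
    """Names of accounts whose password should be replaced after the breach."""
    return [site for site, pw in vault.items() if is_variation(pw, breached)]

# Constructed sample data: the breached password and a user's other accounts.
SAMPLE_VAULT = {
    "bank": "Sunshine8!",
    "travel": "5un5h1ne2024",
    "email": "correct horse battery staple",
    "shop": "12345678",
}

if __name__ == "__main__":
    print(reused_after_breach("Sunshine7", SAMPLE_VAULT))
```

Every account the audit names needs a fresh, unrelated password, not another edit of the old one.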
Stolen Information Is Sold and Auctioned for Further Use
The potential damages extend far beyond the party that perpetrated the initial attack. The information stolen in data breaches is often sold or even auctioned to other cybercriminals for use in separate scams, frauds, and deepfake schemes. If you’ve received scam emails, texts, or messages on social media platforms, it is most likely because cybercriminals gained access to your contact information on the dark web. As new fraud schemes are hatched, you will involuntarily be placed on the contact list. Even blocking the number attached to an incoming text scam may not be enough, as cybercriminals rotate pools of numbers used so they can still get through to would-be victims. According to estimates, these scams, frauds, and schemes cost the public billions of dollars annually, leaving immeasurable amounts of anxiety and stress in their wake.
Weak and Reused Passwords Lead to Compromised Email Accounts
Cybercriminals are always looking for the next big hit. If the email account and password they snatched from a data breach can be used to compromise your email account itself, then they’ve hit a potential gold mine. In this scenario, cybercriminals can log in to your email account unnoticed and set up automated notifications enabling them to capture personal financial details including wire information. By watching for wires, they can then send you false wire information and make off with five-to-six-figure paydays.
What Can You Do Against Data Breach Fallout?
Anyone concerned with preserving their online privacy can dramatically improve their protection by investing in a password manager like the one provided by BUNKR; it’s affordable, streamlined, and allows for password import. What’s more, BUNKR generates complex passwords automatically and stores them in an encrypted vault that only individual users can access.
You should also use a secure messenger whenever you are sending sensitive personal information or financial details digitally. BUNKR also provides an easy-to-use messaging service that features security protections absent from other communication platforms.
Whenever possible, also be sure to set up two-factor authentication with any online account that provides it.
Lastly, keep your credit frozen with the major credit bureaus; only unfreeze it when you are actively engaged in a credit event such as getting a new card or taking out a loan.
For more information on how BUNKR can help you keep your digital information safe, follow us on Instagram, X, and LinkedIn. You can also visit our website at bunkr.life.