How passwords end up on the dark web?
Every year, more than hundreds of millions of user accounts end up getting exposed to the dark web, either through malware or phishing attacks. According to a report by Privacy Rights Clearinghouse, a non for profit organization in California, around 11.6 Billion user accounts have been hacked since the year 2005. The hacked accounts are then either uploaded on hacker websites or posted on the dark web for sale.
These websites and dark web can be accessed only through a specific browser called Tor. “Then there’s Tor, the darkest corner of the Internet. It’s a collection of secret websites (ending in .onion) that require special software to access them. People use Tor so that their Web activity can’t be traced — it runs on a relay system that bounces signals among different Tor-enabled computers around the world,” says Jose Pagliery from CNN Business.] The hackers use these purchased passwords and try logging in with them to several other websites until they are successful, a technique known as credential stuffing.
You may be interested in...
The hackers used credential stuffing to steal more than 500,000 Zoom user accounts and uploaded them later on the dark web. In response to this, Zoom spokesperson has confirmed that they suspect the hackers used credential stuffing to breach the accounts. “You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing,” says Microsoft’s security website on “how to prevent your company from web attacks.”