Billions of Passwords on the Dark Web: What You Can Do

Estimated Reading Time: 6 Minutes

“Nothing in life is certain but death and taxes.” – Benjamin Franklin

Unfortunately, nowadays, we can also add, “scams, identity theft, and data breaches.”

Recently, Cybernews reportedly uncovered a massive collection of exposed user credentials. We’re talking about a staggering 16 billion credentials for social media accounts, corporate tools, developer platforms, and more. This particular data leak has left the cybersecurity community and the public feeling on edge. The numbers are eye-opening, and if even only part of the data is accurate, the implications are serious – for businesses and consumers.

But is the situation as dire as it sounds?

A CyberScoop article offers a healthy dose of skepticism. Multiple cybersecurity experts cited in the piece “either outright disputed those claims or questioned the data and analysis upon which the assertion was based.” In other words, much of the data could be from previous leaks, and there is limited evidence of widespread exploitation of infostealers in this incident.

That said, there is a lot of stolen data on the dark web, and we will continue hearing about new – and repackaged – data breaches, leaks, and collections of stolen information. As a result, consumers will be aware and more likely to look to – and expect help from – the brands they trust.

Key Takeaways

• Credential theft remains a leading method of breach, with infostealers stealing 2.1 billion credentials in 2024, accounting for two-thirds of all stolen data.
  
  
• Infostealers quietly collect sensitive data, like passwords and autofill info, then sell or trade it on the dark web.
  
  
• Consumers are concerned, but their cybersecurity measures have gaps. 88% worry about password breaches, yet only about 30% follow all cybersecurity best practices.
  
  
• Brands have a major opportunity to provide complete identity and cyber protection tools that consumers desire – and are ready to pay for.

The Rise of Infostealers & Credential Theft: What You Need to Know

Even if the details of the Cybernews research aren’t as alarming as the media initially suggested, credential theft remains a serious and frightening threat. According to Verizon, credential abuse was the leading initial access point for breaches in 2024. Furthermore, in the same year, infostealers were used to steal 2.1 billion credentials, making up nearly two-thirds of the 3.2 billion credentials stolen from organizations, as reported by Flashpoint.

Once installed – often through phishing emails, malicious ads or links, or virus-infected downloads – they quietly siphon sensitive user data, including:

• Saved usernames and passwords
• Autofill data and browser cookies
• Email content and chat histories

From there, the data is dumped, sold, or traded on the dark web.

Even if some of the stolen data has already been exposed in earlier breaches, the repackaging of it keeps the threat alive. Unfortunately, cybercriminals are skilled at combining old data with new attack methods to maximize the damage.

What Consumers Can Do Right Now to Protect Their Personal Data

With numerous attention-grabbing headlines about recent (and increasingly alarming) data breaches, leaks, scams, or identity fraud tactics, your audience is becoming more aware of cyber threats. However, many consumers are unsure where to start when it comes to protecting themselves. Sharing simple, actionable advice and guidance not only empowers them but also positions your brand as a responsible company and a trusted partner in their digital safety.

Here are some key cyber-safety tips you can share with your customers to help them reduce their risk and stay ahead of cyber threats.

• Update your passwords. Start with your most sensitive accounts, like online banking, email, and medical-related accounts. If you've used any recycled passwords, be sure to change those as well.
  
  
• Use long, complex, and unique passwords. A strong password includes a mix of uppercase and lowercase letters, numbers, and special characters (*, @, $, &, etc.). How long is “long”? It’s recommended to have at least 10-12 characters for each password.
  
  
• Use a password manager. Password managers ease the burden of creating, remembering, and storing passwords for all your online accounts. They also help prevent the temptation to reuse or create passwords that are too simple.
  
  
• Enable Multi-Factor Authentication (MFA). Whenever possible, activate MFA (also known as Two-Factor Authentication or 2FA). It provides an extra layer of security, even if your password is compromised.
  
  
• Perform a dark web scan. Use a reputable service to verify if your email, profile usernames, or other private information has been exposed in known breaches.
  
  
• Be cautious of unfamiliar senders, links, and unexpected attachments. Avoid clicking on suspicious links in emails, text messages, or online pop-up ads, especially those urging immediate action or promising “too-good-to-be-true” solutions.
  
  
• Use browser security tools. There are all-in-one data privacy tools available, complete with a virtual private network (VPN) to keep web traffic private, secure browsing capabilities to warn you before visiting suspicious websites, parental controls, and more.

Consumer Apathy is Growing; But There’s an Opportunity for Businesses

Let’s be honest: consumers are growing tired of headlines about data breaches. But they’re also worried. While many have a false sense of security, there are still high levels of concern among the public. Iris’ ICC Survey reveals this key paradox:

• 87% of consumers feel secure when using internet-connected devices.
  
  
• Yet, 88% are concerned about password compromise, and 85% worry about their personal devices being hacked.
  
  
• 78% are worried about being scammed.
  
  
• Only 3 in 10 consumers follow all recommended cybersecurity best practices.
  
  
• 82% already use at least one identity or cyber protection tool.
  
  
• Furthermore, 66% say they would pay for a comprehensive solution.

These aren’t just stats. These insights reveal a key opportunity: consumers want protection – but they aren’t consistently taking action. With many consumers willing to pay for comprehensive protection, it’s a major missed opportunity for brands that do not offer protection solutions now.

That’s one reason why Iris makes it easy for brands to offer in-demand protection solutions to their audiences. With the Iris Identity Protection Platform, Iris partners choose the best combination of solutions, delivered through the experience option that suits the business and customer base. Iris works with businesses across various industries, including retail, telecommunications, financial services, insurance, real estate, and more. As a result, we have experience working with and developing tools for a diverse range of our partners’ audiences.

Explore Iris’ library of solutions and contact us today to start building and delivering the ideal identity protection experience for your customers, clients, members, and employees.

Let's Get Started