From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover

The average person uses some 191 services that require them to enter passwords or other credentials. That’s a lot to keep on top of, and it presents a huge problem if compromise occurs, particularly if a person uses the same credentials across multiple services. Over the past 2.5 years, the Digital Shadows Photon Research team has been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use on an everyday basis―for banks, to stream videos or music, for work―the list goes on.

For this paper we closely examine this ubiquitous problem, including how attackers approach account takeovers (ATO). Using the Digital Shadows SearchLightTM service, which maintains a database of breached credentials and scours criminal forums for attackers’ trends, data dumps, advertisements and tools.

For more, check out our blog on the topic here: https://digitalshadows.com/blog-and-research/from-exposure-to-takeover-part-1-beg-borrow-and-steal-your-way-in/

Watch our on-demand webinar on the topic here: https://resources.digitalshadows.com/webinars/account-takeover-webinar

Previous Report

A Practical Guide to Reducing Digital Risk

This practical guide provides advice to help understand how to identify critical business assets, understan...

Next Report

Applying the Analysis of Competing Hypotheses to the Cyber Domain

We define the strengths and weaknesses of ACH in the cyber-threat domain, with a "customer-centric" view th...

Digital Shadows Named #1 in Digital Risk Protection

Read Report

Return to Home

Brand Protection

Data Exposure

Cyber Threat Intelligence

From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover

Previous Report

Next Report

Most Recent Flipbooks

Photon Research Team uncovered 24 billion + exposed credential pairings available online. Read the full assessment and potential impact on account takeovers.

This Vulnerability Intelligence Solutions Guide covers the CVSS and beyond, Top 10 Priority Intelligence Requirements, and how to operationalize Vulnerability Intelligence.

Initial access brokers are benefitting from a rise in adoption of remote access software. This Initial Access Brokers Report analyzes this phenomenon and what it means for security practitioners.

This practical guide provides advice to help understand how to identify critical business assets, understand the threat, monitor for exposure, and take action.

We define the strengths and weaknesses of ACH in the cyber-threat domain, with a "customer-centric" view that can aid analysts in presenting intelligence to a decision maker.

Digital Shadows has contributed to Optiv's 2020 Threat Intelligence Landscape Estimate, which provides a view of the cyber-threat landscape to help organizations mitigate risk and strengthen their...

There are now 750 million more files exposed than we reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.

We took a deep-dive into the cybercriminal underground to investigate the persistence of forums, uncovering several reasons they remain attractive amid appealing alternatives.

A technical assessment of the most popular mitigation for account takeover attacks

A quick guide to understanding how your company looks to attackers.

This Solutions Guide to learn how to protect your organizations social footprint with the top Social Media Monitoring use cases Digital Shadows has identified.

In this report, Digital Shadows’ Photon Team analyzed a data set of more than 175,000 impersonating domains raised to our clients over four months of 2021.

This guide outlines what potential data sources, detection methods, context, and remediation actions to consider if you want to effectively monitor domains and mitigate the risk of data loss, exposed

This guide shares years of operational best practices and expands on where dark web intelligence is useful and can be effectively leveraged into action for security teams.

This guide outlines how to detect, analyze, and remediate data leakage–including a treasure chest of free tooling.

This guide outlines best practices for cyber threat intelligence and features resources to leverage when developing or improving your organization's cyber threat intelligence capabilities.