The annual Identity Exposure Report from SpyCloud shows that there is a general lack of understanding of password security. SpyCloud's database of recaptured assets is combined with analysis and human intelligence in the report. In 2021, researchers identified 1.7 billion exposed credentials, an increase of 15% over the prior year, and 13.8 billion assets containing personally identifiable information (PII). 

Using weak, common, or easily guessable passwords put consumers and companies at risk for fraud and cyberattacks. One study uncovered 45 million "pass" credentials, 12.7 million "123456" credentials, and 7.5 million "password" credentials among exposed plaintext credentials.

Weak passwords on multiple accounts pose a particular security risk. If a person has hundreds of online accounts, they could lose access to all of them if just one credential is compromised. A four-point increase from last year's report shows that 64% of users exposed to two breaches or more reused compromised passwords across multiple accounts in 2021. Approximately 82% of reused passwords had no slight variations (not even special characters or numbers). 

Since there are so many accounts to manage, it is common for users not to realize how vulnerable they are. If people do not regularly change their passwords, they may unwittingly leave compromised credentials in place for a long time.

Current events and pop culture also appear to be closely related to compromised passwords. In many cases, criminals can easily guess password choices that reflect common interests. With titles like Loki and WandaVision, over 650,000 credentials were exposed. It was estimated that 52,000 passwords were connected to Britney Spears or the Free Britney movement. The COVID-19 pandemic, politics, and sports all played a role in the report.
The diversity of PII assets analyzed in the report illustrated the risks associated with bad password hygiene. Criminals targeted more than just account credentials. They also targeted addresses, phone numbers, marital status, dates of birth, and more. Criminals can bypass multifactor authentication with extensive personal information if they possess extensive personal information.

This report emphasizes the importance of being responsible when it comes to passwords despite these concerning trends. In today's world, cyber threats are on the rise, and both consumers and businesses must take proactive measures to protect themselves. Password managers and proactive asset monitoring are some of the tools that can be used to accomplish these steps. Passphrases should also be complex, and difficult to guess, and users should be cautious when opening unconfirmed links, attachments, or applications with malware. 
Source: SpyCloud's 2022 Identity Exposure Report

Latest Resources

See all resources