For credit cards, 94.5% of the cases detected on the dark web include full card details with cvv number and expiry date, and in half the cases the cardholder's first and last name are also correctly matched
Approximately half the stolen accounts are linked to entertainment sites, mainly gaming and online dating.
The pandemic has provided more opportunities for hackers, with a further acceleration of criminal activities in 2021.
Data from the CRIF Cyber Observatory confirms that in the first half of this year, over 1 million alerts were received from users regarding an IT attack on their personal data, an increase of 56.3% compared to the previous survey.
In particular, the analysis focuses on alerts relating to information found on the dark web (i.e. a set of web environments that do not appear through normal Internet browsing activities and require specific browsers or targeted searches), within which billions of records are illegally circulating. In the first half of 2021, we saw an 18% increase in data found on the dark web compared to the second half of 2020. It is precisely in these environments that the largest amount of information obtained through cyber fraud is found. In Italy, 72.9% of users were alerted in relation to data found on the dark web, compared to 27.1% alerted in relation to data found on the public web (open web).
The environments in which the largest amount of stolen data is exchanged are forums, blogs and messaging platforms. In addition to specific search engines (e.g. TOR, DuckDuckGo), Telegram in particular is increasingly becoming a kind of virtual meeting place for hackers alongside the dark web, with the same purpose of sharing personal data, such as lists of stolen e-mail addresses and passwords.
"A huge amount of data is circulating on the dark web in relation to unsuspecting citizens, who run the risk of being the victim of identity theft and online scams. However, the level of knowledge and awareness of large sections of the population is still very low and even minimal forms of protection are not adopted, such as choosing sufficiently complex passwords, not using the same password for several accounts and changing it frequently, and storing credentials safely and not sending them by e-mail or text message. Hackers are getting more and more aggressive and users need to defend themselves by adopting good practices to make life more difficult for them," commented Beatrice Rubini, Executive Director Personal Solutions at CRIF.
THE MOST VULNERABLE DATA CIRCULATING ON THE DARK WEB
According to the CRIF Observatory, the personal data that predominantly circulates on the dark web, and therefore most exposed to the risk of attacks against unsuspecting victims, are passwords, personal or company email addresses, usernames and telephone numbers. In the first half of the year, first and last names were also among the top five most vulnerable data.
This valuable information could be used to commit fraud, for instance through phishing or smishing. However, there are also exchanges of financially relevant data, such as credit card details and IBANs.
Looking at the main combinations of data intercepted on the web, there has been a marked increase in the number of cases where full credit card details appear correctly matched with the cardholder's first and last name (56.4% of cases in the first six months of 2021 compared to 20.8% in the previous six months). This clearly exposes them to a high risk of suffering fraud or unauthorized transactions.
Similarly, in almost 9 out of 10 cases the matching of usernames and passwords was intercepted, resulting in a very high risk of intrusion into victims' secure areas.
Main data combinations |
2nd half 2020 |
1st half 2021 |
Email + Password |
96.32% |
96.66% |
Phone number + password |
47.23% |
49.32% |
Full credit card (with cvv number and expiry date) |
98.60% |
94.48% |
Username + Password |
84.68% |
89.02% |
Full credit card + First and Last Name |
20.81% |
56.40% |
Phone number + First and Last Name |
18.71% |
50.63% |
Source: CRIF Cyber Observatory
The Observatory's findings also highlight that, in the first half of 2021, the cards found on the dark web are mainly debit and prepaid cards, with around 70% of cases in Italy. However, personal data can also be found on the open web. In this case, in the first half of 2021, users in Italy were alerted about their e-mail address (in 58.2% of the data collected), tax code (37.6%), phone number (1.9%), username (1.7%), and address (0.5%).
MOST COMMONLY USED PASSWORDS
Globally, in first place in the top 10 most used passwords in the first half of 2021 is "123456", followed by "123456789" and "qwerty", as in the previous six months. A change can be seen in the bottom positions of the top 10, where "querty123" overtakes "1234567890".
TOP 10 1st half 2021 |
|
1 |
123456 |
2 |
123456789 |
3 |
qwerty |
4 |
Password |
5 |
12345 |
6 |
12345678 |
7 |
111111 |
8 |
qwerty123 |
9 |
1234567890 |
10 |
1234567 |
"These are very simple combinations of numbers and letters that are easily intercepted by hackers and therefore highly vulnerable. On the other hand, the use of such basic passwords reveals the inexperience or laziness of some web users, who often do not follow the most basic rules to protect themselves from attacks, for example by choosing long and different passwords for each important account, with combinations that have no link with personal information. To limit the spread of this sensitive data, it is important for users to activate two-factor authentication where possible, to prevent hackers from accessing accounts even after having discovered the username and password. It is equally important to pay the utmost attention to the use of public Wi-Fi networks, where even the most secure password could be intercepted, and to the risks associated with storing credentials on public or shared computers," explained Beatrice Rubini.
THE MOST HACKED ACCOUNTS AND WHAT THEY ARE USED FOR
Stolen credentials can be used for a variety of unlawful activities, such as hacking into victims' accounts, misusing services, sending emails with requests for money or phishing links, and sending malware or ransomware in order to extort or steal money.
Through a qualitative analysis of the contexts in which data circulates, the CRIF Cyber Observatory was able to categorize the accounts according to the purpose of use.
Most commonly detected accounts |
1st half 2021 |
Entertainment |
46.6% |
Forums and websites |
20.8% |
Streaming services |
18.7% |
Social media |
13.7% |
Corporate databases |
0.2% |
Source: CRIF Cyber Observatory
MOST EXPOSED Users
Analyzing the characteristics of Italian users who, in the first six months of the year, received at least one alert about a possible theft of personal data, the study shows that the age groups most affected are 41-50 and 51-60, with 27.1% and 25.3% of the total respectively, followed by the over 60s with a share of 24%.
Younger users under 30 are significantly less represented (only 6.5% of the total), perhaps due to their greater familiarity with digital environments.
As far as the gender breakdown is concerned, the majority of users who received an alert were men (64.2% of the total), while women accounted for just over a third of alerted users (35.8%).
CRIF Cyber Observatory analyzes the vulnerability of people and companies to cyber-attacks both on open web and dark web. It In 2021 nearly 2 million of alerts were sent through CRIF services, with an increase by 48,7% vs 2020. Alerts were related to data both found on the open web and on the dark web, with an increase of the latter by 57,9%.
Read moreThe users most at risk are men between the ages of 31 and 40. 73.2% of stolen accounts are linked to entertainment sites (online gaming and streaming), followed by financial services. Italy ranks 6th overall among the most affected countries.
Read morePlease fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!