ISLAMABAD: Kaspersky Digital Footprint Intelligence has claimed that nearly 10 million devices fell victim to data-stealing worldwide in 2023.

According to Kaspersky’s data, 443,000 websites worldwide have experienced compromised credentials in the past five years. The .com domain leads to compromised accounts; nearly 326 million logins and passwords for websites on this domain were compromised in 2023. While the compromised accounts of .pk domain in Pakistan reached 2.4 million.

According to a statement, the latest reports on data stealing show a 643 percent increase over the past three years.

“The actual number of infections is likely to be even higher than 10 million. According to Kaspersky’s assessment of info-stealer log-file dynamics, the number of infections that occurred in 2023 is projected to reach roughly 16,000,000,” it stated.

With cybercriminals pilfering an average of 50.9 login credentials per infected device, the threat posed by data-stealers is growing for both consumers and businesses. In light of this growing threat, Kaspersky has launched a dedicated web page to raise awareness of the issue and provide strategies for mitigating associated risks.

Threat actors either utilise these credentials for their own purposes, including perpetrating cyberattacks, or sell or distribute them freely on dark web forums and shadow Telegram channels.

These credentials may encompass logins for social media, online banking services, crypto wallets, and various corporate online services, such as email and internal systems.

“The dark-web value of log files with login credentials varies depending on the data’s appeal and the way it’s sold there. Credentials may be sold through a subscription service with regular uploads, a so-called ‘aggregator’ for specific requests, or via a’shop’ selling recently acquired login credentials exclusively to selected buyers.

Prices typically begin at $10 per log file in these shops. This highlights how crucial it is for both individuals and companies—especially those handling large online user communities—to stay alert.

Leaked credentials carry a major threat, enabling cybercriminals to execute various attacks such as unauthorised access for theft, social engineering, or impersonation,” says Hafeez Rahman, technical group manager at Kaspersky.

To guard against data theft, individuals have been advised to use a comprehensive security solution for any device.

Published in Dawn, April 4th, 2024