leak credentials | Breaking Cybersecurity News | The Hacker News

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them?  83% of compromised passwords  would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have access to billions of stolen credentials that can be used to compromise additional accounts by reusing those same credentials. To strengthen password security, organizations need to look beyond complexity requirements and block the use of compromised credentials. Need stolen credentials? There's a market for that Every time an organization gets breached or a subset of customers' credentials is stolen, there's a high possibility all those passwords end up for sale on the dark web. Remember the  Dropbox and LinkedIn hack  that resulted in 71 million and 117 million stolen passwords? There is an underground market that sells those credentials to hackers which they can then...

At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The  2023 Verizon Data Breach Investigations Report (DBIR)  revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated. Of these breaches by external actors, 49% involved the use of stolen credentials.  We'll explore why credential theft is still such an attractive (and successful) attack route, and look at how IT security teams can fight back in the second half of 2023 and beyond. Users are still often the weak link The hallmarks of many successful cyberattacks are the determination, inventiveness, and patience threat actors show. Though a user may spot some attacks through security and awareness training, it only takes one well-crafted attack to catch them. Sometimes all it takes is for a ...

Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT credentials flood dark web markets Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen ChatGPT credentials include usernames, passwords, and other personal information associated with accounts. This is problematic because ChatGPT accounts may store sensitive information from queries, including confidential data and intellectual property. Specifically, companies increasingly incorporate ChatGPT into daily workflows, which means employees may disclose ...

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack surface that many organizations are failing to address. According to GitGuardian's analysis of exposed secrets across public GitHub repositories, an alarming percentage of credentials detected as far back as 2022 remain valid today: "Detecting a leaked secret is just the first step," says GitGuardian's research team. "The true challenge lies in swift remediation." Why Exposed Secrets Remain Valid This persistent validity suggests two troubling possibilities: either organizations are unaware their credentials have been exposed (a security visibility problem),...

Guadeloupe is a Caribbean island located in the Leeward Islands, in the Lesser Antilles. Today a hacker going by name "UR0B0R0X" claimed to hack into the " Network Information Center Guadeloupe " (nic.gp), which is Guadeloupe National Domain registrar having control over domains of big companies like Google.gp, Paypal.gp, twitter.gp, Yahoo.gp,  and many more. Hacker claimed to hack server of  nic.gp and leak credentials (encrypted) of 1271 Guadeloupe domains and user accounts including usernames, email addresses and phone numbers from server as shown via a  paste-bin note . and complete database uploaded on a  file sharing  site.