(An) empirical analysis of credential breaches from vulnerable websites

Abstract

Leaked credentials can yield severe problems if Internet users reuse their passwords in third-party services. In this circumstance, it is already prevalent that cybercriminals utilize leaked credentials to breach more critical information. To reduce the burdensome threats, several researches have centered around breached credentials, especially password reuse behaviors of users. However, there are still lack of large-scale analysis and diversity in credential sources. To address these limitations, we present a large-scale yet empirical analysis of the security risks in the breached victim websites and the security implications of their credentials using 361 million accounts breached from 22,379 websites. In our findings, we observe that 44% of the victim websites are still vulnerable to information leakage. As for the breached credentials, we figure out that 8.7 million national institute/corporate credentials are more likely to be targeted by cybercriminals. Additionally, we find that 86% of the users reuse the same passwords in multiple websites, which are noticeably higher than what the previous works measured due to the diversity of the victim websites in our dataset. We believe that our findings help researchers and practitioners obtain a deeper understanding of credential data breaches and remind Internet users of their security awareness.