How quickly stolen passwords are used in cyberattacks: study findings
Research shows cybercriminals exploit leaked passwords in just 7 days, with corporate credentials used in 3 days. Learn how to protect your accounts and data from attacks.
Russian data leak intelligence and darknet monitoring service DLBI conducted a study on how quickly cybercriminals use stolen login credentials. The analysis revealed that very little time passes between such data appearing in the open and its practical application for hacking accounts.
According to experts, leaked login-password pairs start being used in automated attacks on average just 7 days after a leak. For credentials linked to corporate infrastructure, such as a company or government department domain, hacking attempts start even faster, at around 3 days.
This difference stems from the high value of corporate access. Such data is most often purchased directly by ransomware operators at higher prices, bypassing darknet forums and Telegram channels. The obtained access is then used almost immediately to attack organizations' internal networks.
It's noted that sellers of leaked data include not only hackers who breach online services but also operators of malicious stealer programs. These stealers take saved passwords and session cookies directly from users' computers, and the share of such leak sources has been growing steadily in recent years.
DLBI founder Ashot Oganesyan emphasized that users should avoid password reuse, and in particular should not use the same combinations for work and personal services. He added that using external password managers, which offer higher protection than those built into browsers, and not neglecting antivirus software are also helpful. For corporate IT departments, he advised implementing two-factor authentication as widely as possible and using automated password compromise checking services, since the speed at which hackers process password leaks is likely to increase.