Stolen credentials are being actively traded on the dark web, and Proton has just confirmed a whopping 300 million of them. Here’s what you need to know.
Updated November 1 with further analysis of how leaked and stolen passwords are abused using genuine accounts in light of the Proton exposure of 300 million credentials available on dark web cybercrime markets.
Passwords are the keys to your online kingdom. An attacker with the correct password can access accounts and the data within and even beyond them; that’s a security no-brainer, right? So why are hundreds of millions of them ending up on the dark web to be traded by threat actors? In the last 10 days alone, we have seen reports ofwere reported. Now, the Swiss-based internet privacy outfit Proton has confirmed that it has uncovered a total of 300 million credentials, with passwords appearing in 49% of them, using a new dark web Data Breach Observatory tool. As the move towards a passwordless future plods ever slowly on, with many hurdles to overcome despite the best efforts of the likes ofand Google, passwords remain one of the weakest links in your account security protections. Everything from password reuse, and please don’t do that, to successful phishing and other attacks, exposes password users to risk. This has been oh-so-clearly demonstrated with the launch of the Rather than rely upon disclosures from impacted organizations, Proton has gone directly to the source of the stolen data: thetherein, where stolen credentials are traded. The Data Breach Observatory provides consumers and businesses alike “previously unobtainable transparency,” Proton said, by drawing data from the criminals themselves.The numbers are, frankly, both shocking to read and reasonably expected given the state of password security. Over 300 million individual records exposed, and this does not include the ‘combo’ datasets that aggregate and duplicate data from other leaks, with 71% identified as being from SMBs and 49% including passwords.Mark Robson, a senior tactical threat analyst, and Andrew Nicchi, a senior incident response analyst, both with Fortinet, have confirmed just how dangerous and prolific the abuse of stolen credentials in conjunction with perfectly genuine accounts is. In a detailedpublished by Fortinet Labs Threat Research, the pair have revealed that “attackers are continuing to rely on valid accounts and legitimate remote access tools instead of ‘implant-heavy’ intrusions.” I mean, it’s not surprising, given that so many credentials are being exposed and made available so readily to pretty much any threat actor who can afford them. Many such databases are even passed around on criminal forums for free. “This approach allows threat actors to blend in with normal business activity, making detection significantly harder,” Fortinet warned, adding that “in many cases, the ‘breach’ was not a sophisticated exploit—it was simply a successful login event buried among routine ones.” In other words, indicative of prior credential-harvesting phishing incidents or infostealer malware attacks. “Data breaches targeting online services are becoming ever more frequent, with over three hundred million individual records already exposed this year on the dark web,” Eamonn Maguire, director of engineering, AI & ML, at Proton, said. “If your credentials are compromised, receiving timely alerts is essential to secure your accounts, prevent identity theft, and minimize financial losses,” Maguire concluded. You know what to do: check for any leaked credentials now, switch to using passkeys wherever possible, and ensure that two-factor authentication is in place where not.
Proton VPN Proton Data Breach Observatory Dark Web Passwords Dark Web Passwords Stolen Passwords Credential Theft Hundreds Of Millions Of Passwords Now Confirmed Le
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Kingfisher Grill & Bar feeds nearly 300 federal workers during the government shutdownJevon 'JJ' McKinney is a multimedia professional, dedicated to using his talents to give a platform to the voices of his community. He joined the KGUN team as a Multimedia Journalist in July of 2025.
Read more »
300 piles of human remains discovered in desert outside Las Vegas, investigation ongoing'I think most of us just felt like, 'What a shame.''
Read more »
Pluto TV Reveals List of 300 Movies Streaming Free in November 2025The free lineup on Pluto TV is getting a massive influx of new movie options in November.
Read more »
Proton Exposes 300 Million Stolen Credentials — 49% Include PasswordsStolen credentials are being actively traded on the dark web, and Proton has just confirmed a whopping 300 million of them. Here’s what you need to know.
Read more »
One of N.J.’s deadest malls slated to get second life with new shops, 300+ homesThe project includes townhouses, apartments and commercial space at the mall that closed after a 2024 fire in the food court area.
Read more »
Proton Exposes 300 Million Stolen Credentials — 49% Include PasswordsStolen credentials are being actively traded on the dark web, and Proton has just confirmed a whopping 300 million of them. Here’s what you need to know.
Read more »