Data breaches provide criminals the raw material they need to perpetrate fraud online. For online merchants, a seemingly unending increase in stolen username/password combinations has led to ever more credential stuffing and ATO attacks. According to a new report, however, the number of available login credentials publicly exposed dropped for the first time in three years.
Overall, according to the 2021 Midyear Report: Data Breach Quick View from Risk Based Security, the number of data breaches reported worldwide in the first half of 2021 decreased from the same period last year by 24 percent to 1,767. And, the number of records exposed in those intrusions fell 32 percent to 18.8 billion records.
Email and passwords fell significantly as types of data stolen in breaches. Email addresses, which accounted for 67 percent of the data stolen in 2019, accounted for only 17 percent of stolen data in 2021. And passwords also fell precipitously as a target, decreasing from 60 percent in 2019 to 11 percent this year. Authors of the report warn not to take too much satisfaction from the dips, however.
“While that may sound like good news on the surface, the amount of email addresses and passwords exposed remains stubbornly high. In the first half of the year, over 16 billion passwords along with email addresses were compromised,” the report said. “Despite the small number of breaches that exposed access credentials, there is still an astounding amount of this data available.”