Proton Exposes 300 Million Stolen Credentials — 49% Include Passwords

ByDavey Winder,

Senior Contributor.

Passwords are the keys to your online kingdom. An attacker with the correct password can access accounts and the data within and even beyond them; that’s a security no-brainer, right? So why are hundreds of millions of them ending up on the dark web to be traded by threat actors? In the last 10 days alone, we have seen reports of humanized password stealers targeting Android users, a 183 million credential leak that included Gmail account passwords, and password manager giant LastPass having to issue warnings to users after active master password attacks were reported. Now, the Swiss-based internet privacy outfit Proton has confirmed that it has uncovered a total of 300 million credentials, with passwords appearing in 49% of them, using a new dark web Data Breach Observatory tool.

As the move towards a passwordless future plods ever slowly on, with many hurdles to overcome despite the best efforts of the likes of WhatsApp and Google, passwords remain one of the weakest links in your account security protections. Everything from password reuse, and please don’t do that, to successful phishing and other attacks, exposes password users to risk. This has been oh-so-clearly demonstrated with the launch of the Data Breach Observatory resource by Proton.