2024 Specops Breached Password Report: Two million compromised cloud credentials used ‘123456’ as password

Jan. 23, 2024
The report coincides with a new malware-stolen password data integration for the Specops Breached Password Protection Service, powered by the threat intelligence unit of parent company Outpost24.

Philadelphia – Jan. 23, 2024 - Specops Software, a provider of password management and user authentication solutions, today announced the addition of a new source of compromised password data for the Specops Breached Password Protection service used by Specops Password Policy. This new source of compromised password data is powered by the threat intelligence unit of Specops Software’s parent company, Outpost24. 

The Outpost24 threat intelligence unit, KrakenLabs, specializes in tracking threat actors, reverse engineering malware, and analyzing threats to generate crucial intelligence that powers the Outpost24 threat intelligence solution and now serves as an additional data source for the Specops Breached Password Protection service. KrakenLabs constantly monitors the dark web for illicit activity to ensure organizations stay ahead of emerging threats.

“We are thrilled to be working closer with our Outpost24 colleagues on bringing this compromised password data source to Specops Password Policy customers,” said Darren James, Senior Product Manager at Specops Software. “This new data source means that our customers’ AD passwords are even more protected against the danger posed by password reuse.” 

This new data source from the Outpost24 threat intelligence solution includes passwords from both leaked credentials in underground markets and stolen credentials obtained by malware. This compromised password data is collected through the Outpost24 infrastructure of sinkholes, honeypots, crawlers, and sensors, which search continuously and can also capture credentials obtained by malware in real time.

The threat intelligence compromised password data source has added over 33 million new passwords to the Specops Breached Password Protection service so far. 

The 2024 Specops Breached Password Report 

The new compromised password data source announced today coincides with the publication of the 2024 Specops Breached Password Report. The report includes findings from the same team that powers the new threat intelligence compromised password data source. 

“This year’s Breached Password Report shows us that, yes, the password is still a problem for IT teams and a weak point in many organizations’ cybersecurity strategies,” shared James. “New this year are insights from the Outpost24 threat intelligence unit on SaaS password data, underscoring the need for IT teams to protect against the risk posed by password reuse.”

Key Report Findings Include:

  • Standard procedure: Passwords remain the primary authentication method for 88% of organizations. 
  • Lurking risk: Only half of organizations scanned for compromised passwords more than once a month. 
  • Luckiest number?: Active Directory passwords with 13-character minimums were found to dramatically lower risk from reuse. 
  • However, longer, not always better: 31.1 million breached passwords had over 16 characters. 
  • Open door: After analyzing 1.8 million breached administrator credentials, 40,000 admin portal accounts were found to be using ‘admin’ as a password. 
  • Common theme: Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.

Report methodology 

The research in this report has been compiled through proprietary surveys and data analysis of 800 million breached passwords, a subset of the more than 4 billion breached passwords within the Specops Breached Password Protection list, as well as analysis of more than 2 million business application credentials hacked by malware and 1.8 million admin portal credentials from the Outpost24 threat intelligence team.

To read more about the methodology and findings, download the report here.

Today’s report coincides with the addition of over 7.7 million compromised passwords to the Specops Password Auditor, which compares a read-only scan of Active Directory passwords against a list of almost one billion, without storing or altering data.

With Specops Password Policy and Breached Password Protection, organizations can continuously protect against over 3 billion more known, unique compromised passwords found within malware or counted among known breaches, which can help to streamline compliance reporting requirements such as NIST or NCSC. 
